Index
  • Cover image
  • Title page
  • Table of Contents
  • Copyright
  • Dedication
  • Acknowledgements
  • About the Authors
      • Chris Sanders, Lead Author
      • Jason Smith, Co-Author
      • David J. Bianco, Contributing Author
      • Liam Randall, Contributing Author
  • Foreword
  • Preface
      • Audience
      • Prerequisites
      • Concepts and Approach
      • IP Address Disclaimer
      • Companion Website
      • Charitable Support
      • Contacting Us
Chapter 1. The Practice of Applied Network Security Monitoring
  • Abstract
  • Key NSM Terms
  • Intrusion Detection
  • Network Security Monitoring
  • Vulnerability-Centric vs. Threat-Centric Defense
  • The NSM Cycle: Collection, Detection, and Analysis
  • Challenges to NSM
  • Defining the Analyst
  • Security Onion
  • Conclusion
Section 1: Collection
Chapter 2. Planning Data Collection
  • Abstract
  • The Applied Collection Framework (ACF)
  • Case Scenario: Online Retailer
  • Conclusion
Chapter 3. The Sensor Platform
  • Abstract
  • NSM Data Types
  • Sensor Type
  • Sensor Hardware
  • Sensor Operating System
  • Sensor Placement
  • Securing the Sensor
  • Conclusion
Chapter 4. Session Data
  • Abstract
  • Flow Records
  • Collecting Session Data
  • Collecting and Analyzing Flow Data with SiLK
  • Collecting and Analyzing Flow Data with Argus
  • Session Data Storage Considerations
  • Conclusion
Chapter 5. Full Packet Capture Data
  • Abstract
  • Dumpcap
  • Daemonlogger
  • Netsniff-NG
  • Choosing the Right FPC Collection Tool
  • Planning for FPC Collection
  • Decreasing the FPC Data Storage Burden
  • Managing FPC Data Retention
  • Conclusion
Chapter 6. Packet String Data
  • Abstract
  • Defining Packet String Data
  • PSTR Data Collection
  • Viewing PSTR Data
  • Conclusion
Section 2: Detection
Chapter 7. Detection Mechanisms, Indicators of Compromise, and Signatures
  • Abstract
  • Detection Mechanisms
  • Indicators of Compromise and Signatures
  • Managing Indicators and Signatures
  • Indicator and Signature Frameworks
  • Conclusion
Chapter 8. Reputation-Based Detection
  • Abstract
  • Public Reputation Lists
  • Automating Reputation-Based Detection
  • Conclusion
Chapter 9. Signature-Based Detection with Snort and Suricata
  • Abstract
  • Snort
  • Suricata
  • Changing IDS Engines in Security Onion
  • Initializing Snort and Suricata for Intrusion Detection
  • Configuring Snort and Suricata
  • IDS Rules
  • Viewing Snort and Suricata Alerts
  • Conclusion
Chapter 10. The Bro Platform
  • Abstract
  • Basic Bro Concepts
  • Running Bro
  • Bro Logs
  • Creating Custom Detection Tools with Bro
  • Conclusion
Chapter 11. Anomaly-Based Detection with Statistical Data
  • Abstract
  • Top Talkers with SiLK
  • Service Discovery with SiLK
  • Furthering Detection with Statistics
  • Visualizing Statistics with Gnuplot
  • Visualizing Statistics with Google Charts
  • Visualizing Statistics with Afterglow
  • Conclusion
Chapter 12. Using Canary Honeypots for Detection
  • Abstract
  • Canary Honeypots
  • Types of Honeypots
  • Canary Honeypot Architecture
  • Honeypot Platforms
  • Conclusion
Section 3: Analysis
Chapter 13. Packet Analysis
  • Abstract
  • Enter the Packet
  • Packet Math
  • Dissecting Packets
  • Tcpdump for NSM Analysis
  • TShark for Packet Analysis
  • Wireshark for NSM Analysis
  • Packet Filtering
  • Conclusion
Chapter 14. Friendly and Threat Intelligence
  • Abstract
  • The Intelligence Cycle for NSM
  • Generating Friendly Intelligence
  • Generating Threat Intelligence
  • Conclusion
Chapter 15. The Analysis Process
  • Abstract
  • Analysis Methods
  • Analysis Best Practices
  • Incident Morbidity and Mortality
  • Conclusion
Appendix 1. Security Onion Control Scripts
  • High Level Commands
  • Server Control Commands
  • Sensor Control Commands
Appendix 2. Important Security Onion Files and Directories
  • Application Directories and Configuration Files
  • Sensor Data Directories
Appendix 3. Packet Headers
Appendix 4. Decimal / Hex / ASCII Conversion Chart
Index