From the course: CompTIA Advanced Security Practitioner (CASP+) (CAS-004) Cert Prep
Join today to access over 24,200 courses taught by industry experts.
Log collection and analysis
From the course: CompTIA Advanced Security Practitioner (CASP+) (CAS-004) Cert Prep
Log collection and analysis
- In this lesson, we're going to discuss log collection and analysis when working in the cloud. As you probably already know, conducting log reviews is a critical part of cybersecurity and information assurance. As cybersecurity practitioners, we need to gather the logs from our different operating systems and then analyze those to detect patterns, baselines, and anomalies. Logs should be consistently monitored and not only reviewed after an incident or data breach either. Log review and analysis isn't just part of your incident response efforts, but it needs to also be a routine and regular part of your threat hunting and system management efforts. Logs contain details about what events are occurring in your platforms, your systems, your applications, and your users. But logs are not always enabled by default in our cloud-based software tools. For example, if you use Slack, Zoom, Microsoft Teams, Confluence, Google Docs, and many others, they disable access audit logs by default to…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
Securing networks6m 48s
-
Switches7m 27s
-
(Locked)
Routers8m 27s
-
(Locked)
Wireless and mesh3m 23s
-
(Locked)
Firewalls11m 30s
-
(Locked)
Proxies6m 59s
-
(Locked)
Gateways4m 39s
-
(Locked)
IDS and IPS6m 29s
-
(Locked)
Network access control2m 56s
-
(Locked)
Remote access8m 59s
-
(Locked)
Unified communication19m 8s
-
(Locked)
Cloud vs. on-premises4m 49s
-
(Locked)
DNSSEC4m 16s
-
(Locked)
Load balancer6m 48s
-
-
-
Securing architectures1m 16s
-
Traffic mirroring4m 23s
-
(Locked)
Network sensors11m 46s
-
(Locked)
Host sensors6m 15s
-
(Locked)
Layer 2 segmentation5m 14s
-
(Locked)
Network segmentation13m 14s
-
(Locked)
Server segmentation10m 51s
-
(Locked)
Zero trust6m 37s
-
(Locked)
Merging networks5m 32s
-
(Locked)
Software-defined networking5m 27s
-
-
-
Cloud and virtualization1m 6s
-
Cloud deployment models4m 34s
-
(Locked)
Cloud service models5m 7s
-
(Locked)
Deployment considerations4m 57s
-
(Locked)
Provider limitations2m 59s
-
(Locked)
Extending controls5m 6s
-
(Locked)
Provisioning and deprovision2m 59s
-
(Locked)
Storage models5m 22s
-
(Locked)
Virtualization7m 56s
-
-
-
Authentication and authorization1m 44s
-
Access control4m 47s
-
(Locked)
Credential management4m 27s
-
(Locked)
Password policies8m 2s
-
(Locked)
Multifactor authentication8m 25s
-
(Locked)
Authentication protocols10m
-
(Locked)
Federation7m 2s
-
(Locked)
Root of trust4m 24s
-
(Locked)
Attestation2m 14s
-
(Locked)
Identity proofing3m 33s
-
-
-
Emerging technology4m 18s
-
Artificial intelligence and machine learning8m 55s
-
(Locked)
Deep learning8m 58s
-
(Locked)
Big data4m 40s
-
(Locked)
Blockchain distributed consensus5m 36s
-
(Locked)
Passwordless authentication5m 17s
-
(Locked)
Homomorphic encryption3m 37s
-
(Locked)
Virtual and augmented reality4m 32s
-
(Locked)
3D printing3m 3s
-
(Locked)
Quantum computing5m 34s
-
-
-
(Locked)
Threat and vulnerability management1m 56s
-
(Locked)
Threat intelligence6m 19s
-
(Locked)
Threat hunting6m 43s
-
(Locked)
Intelligence collection11m 9s
-
(Locked)
Threat actors9m 21s
-
(Locked)
Threat management frameworks12m 45s
-
(Locked)
Vulnerability management activities11m 44s
-
(Locked)
Security Content Automation Protocol7m 21s
-
(Locked)
-
-
(Locked)
Analyzing vulnerabilities1m 22s
-
(Locked)
Race conditions4m 58s
-
(Locked)
Buffer overflows12m 27s
-
(Locked)
Authentication and references5m 56s
-
(Locked)
Ciphers and certificates10m 46s
-
(Locked)
Improper headers6m 9s
-
(Locked)
Software composition9m 49s
-
(Locked)
Vulnerable web applications11m 45s
-
(Locked)
-
-
(Locked)
Attacking vulnerabilities1m 15s
-
(Locked)
Directory traversals9m 48s
-
(Locked)
Cross-Site Scripting (XSS)8m 59s
-
(Locked)
Cross-site request forgery (CSRF)7m 15s
-
(Locked)
SQL injections7m 5s
-
(Locked)
XML injections6m 29s
-
(Locked)
Other injection attacks4m 21s
-
(Locked)
Authentication bypass6m 45s
-
(Locked)
VM attacks4m 52s
-
(Locked)
Network Attacks11m 3s
-
(Locked)
Social engineering7m 15s
-
(Locked)
-
-
(Locked)
Enterprise mobility2m 36s
-
(Locked)
Enterprise mobility management9m 36s
-
(Locked)
WPA37m 20s
-
(Locked)
Connectivity options8m 48s
-
(Locked)
Security configurations8m 8s
-
(Locked)
DNS protection3m 15s
-
(Locked)
Deployment options4m 38s
-
(Locked)
Reconnaissance concerns8m
-
(Locked)
Mobile security7m 50s
-
(Locked)
-
-
(Locked)
Endpoint security controls2m 24s
-
(Locked)
Device hardening8m 30s
-
(Locked)
Patching4m 41s
-
(Locked)
Security settings5m 41s
-
(Locked)
Mandatory access controls (MAC)6m 44s
-
(Locked)
Secure boot5m 49s
-
(Locked)
Hardware encryption4m 48s
-
(Locked)
Endpoint protections9m 54s
-
(Locked)
Logging and monitoring6m 14s
-
(Locked)
Resiliency6m 4s
-
(Locked)
-
-
(Locked)
Cloud technologies2m 37s
-
(Locked)
Business continuity and disaster recovery7m 51s
-
(Locked)
Cloud encryption5m 23s
-
(Locked)
Serverless computing8m 54s
-
(Locked)
Software-defined networking (SDN)6m 52s
-
(Locked)
Log collection and analysis4m 22s
-
(Locked)
Cloud application security broker6m 16s
-
(Locked)
Cloud misconfigurations10m 57s
-
(Locked)
-
-
(Locked)
Asymmetric algorithms2m 11s
-
(Locked)
Using asymmetric algorithms9m 28s
-
(Locked)
SSL, TLS, and cipher suites8m 21s
-
(Locked)
S/MIME and SSH7m 27s
-
(Locked)
EAP5m 39s
-
(Locked)
IPSec14m 34s
-
(Locked)
Elliptic curve cryptography (ECC)3m 33s
-
(Locked)
Forward secrecy3m 35s
-
(Locked)
Authenticated encryption with associated data (AEAD)1m 53s
-
(Locked)
Key stretching4m 30s
-
(Locked)
-
-
(Locked)
Public key infrastructure4m 30s
-
(Locked)
PKI components10m 18s
-
(Locked)
Digital certificates7m 44s
-
(Locked)
Using digital certificates5m 40s
-
(Locked)
Trust models4m 28s
-
(Locked)
Certificate management2m 44s
-
(Locked)
Certificate validity: CRL and OCSP3m 48s
-
(Locked)
Protecting web traffic3m 30s
-
(Locked)
Troubleshooting certificates5m 22s
-
(Locked)
Troubleshooting keys3m 35s
-
(Locked)