Cyber Defence Monitoring (ADL 430)

This e-learning course is a mandatory module of the residential Cyber Defence Monitoring courses. It can also be used as a standalone introduction to network security monitoring and as pre-reading material for the NATO CCDCOE classroom courses on cyber defence monitoring:

  • Rule-based Threat Detection
  • Large Scale Packet Capture Analysis

While this e-learning module introduces the basics of NSM that everyone should know before attending the classroom training, it does not provide the technical prerequisites and hands-on experience needed to follow the classroom training. Make sure you have the necessary experience before joining (see the details below).

On completion of this course, students can earn 1 ISACA CPE hour.

This course is open to all individuals from Sponsoring Nations, Contributing Participants and NATO; and it can be accessed through the NATO e-Learning Joint Advanced Distributed Learning Portal.


Outline of the course

 1. Introduction
   • Basic introduction to network security monitoring (NSM)
   • Relevance of NSM and network security policies
   • Overview of different network monitoring tool types
 2. Setting up an NSM solution
   • Placement of sensors on the network
   • Connecting sensors to the monitored network
   • Architecture of the NSM solution
   • Customizing according to the needs of the organization
 3. Logging and analysis
   • Collecting logs from the NSM tools
   • Analyzing NSM logs
   • Analyzing PCAP files
   • Basic dashboarding

Target Audience

  • Technical IT security staff in charge of network security monitoring.
  • Security and IT managers who want to get a real-life understanding of Suricata.
  • Locked Shields Blue Team members and/or national representatives.

Prerequisites

  • Good understanding of TCP/IP networking and of network and system administration.
  • Recent everyday network/system administrator work experience of at least 2 years in UNIX environments.
  • Previous detailed knowledge of the following topics:
    • working principles of UNIX operating systems and the UNIX file system layout;
    • common UNIX shells (e.g., sh, bash);
    • common UNIX user tools (e.g., ls, ps, kill); and
    • common UNIX system administration utilities.
  • Scripting experience is required.
  • Basic Python skills are required:
    • write a function and a for loop;
    • invoke standard libraries;
    • use core data structures.
  • English language skill comparable to STANAG 6001, 3.2.3.2.

Registration

The course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal and is available to all users of the portal. Once registered, users may access the course by navigating to the ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ‘ADL 430 Cyber Defence Monitoring’ course listing.

Module certificate: The certificate is required when applying for the residential part of the course, and you can download it once you have passed the final test of the module. When you register for the residential part of the course, please email the certificate to: [email protected].