Most Recent
-
Layer 2 Security:LAB
DHCP Snooping, Dynamic ARP inspection, Port Security Exercise 4 – Configuring Layer 2 Security Features Sometimes a network could have traffic that is malicious. These types of traffic cannot be filtered with an access-list. For example, if we have clients that are configured to dynamically…
-
SIEM: NOTES
What is SIEM SIEM stands for Security Information and Event Management system. It is a tool that collects data from various endpoints/network devices across the network, stores them at a centralized place, and performs correlation on them. Before explaining the importance of SIEM, let’s first understand why it…
-
Wazuh: WALKTHROUGH
[INCOMPLETE] Created in 2015, Wazuh is an open-source, freely available and extensive EDR solution. It can be used in all scales of environments. Wazuh operates on a management and agent module. Simply, a device is dedicated to running Wazuh named a manager, where Wazuh operates on a management…
-
Endpoint Security: NOTES
Wazuh Wazuh is an open-source, freely available, and extensive EDR solution, which Security Engineers can deploy in all scales of environments. Wazuh operates on a management and agent model where a dedicated manager device is responsible for managing agents installed on the devices you'd like to monitor.…
-
TShark: NOTES
TShark is an open-source command-line network traffic analyser. It is created by the Wireshark developers and has most of the features of Wireshark. It is commonly used as a command-line version of Wireshark. However, it can also be used like tcpdump. Therefore it is preferred…
