• Layer 2 Security: LAB

    DHCP Snooping, Dynamic ARP Inspection, Port Security. Exercise 4 – Configuring Layer 2 Security Features. Sometimes a network could have traffic that is malicious. These types of traffic cannot be filtered with an access list. For example, if we have clients that are configured to dynamically…

  • SIEM: NOTES

    What is SIEM? SIEM stands for Security Information and Event Management system. It is a tool that collects data from various endpoints and network devices across the network, stores it in a centralized place, and performs correlation on it. Before explaining the importance of SIEM, let’s first understand why it…

  • Wazuh: WALKTHROUGH

    [INCOMPLETE] Created in 2015, Wazuh is an open-source, freely available and extensive EDR solution. It can be used in environments of all scales. Wazuh operates on a management and agent model. Simply, a device dedicated to running Wazuh is named a manager, where Wazuh operates on a management…

  • Endpoint Security: NOTES

    Wazuh: Wazuh is an open-source, freely available, and extensive EDR solution, which security engineers can deploy in environments of all scales. Wazuh operates on a management and agent model where a dedicated manager device is responsible for managing agents installed on the devices you'd like to monitor.…

  • TShark: NOTES

    TShark is an open-source command-line network traffic analyser. It was created by the Wireshark developers and has most of the features of Wireshark. It is commonly used as a command-line version of Wireshark. However, it can also be used like tcpdump. Therefore it is preferred…