Chapter 8

Fundamentals of Intrusion Analysis

This chapter covers the following topics:

Introduction to Incident Response

The Incident Response Plan

The Incident Response Process

Information Sharing and Coordination

Incident Response Team Structure

Common Artifact Elements and Sources of Security Events

Understanding Regular Expressions

Protocols, Protocol Headers, and Intrusion Analysis

How to Map Security Event Types to Source Technologies

This chapter covers the common artifact elements and sources of security events and how you can use regular expressions to analyze security event data. You learn the details about different protocols, protocol headers, and how they relate to intrusion analysis. You also learn how to use packet captures for ...
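The regular-expression and event-mapping topics listed above can be illustrated with a small parser. The following is an added example written for this page, not code from the cert guide or from Cisco: it applies named-group regular expressions to a few log lines constructed in the style of Cisco ASA syslog messages, normalizes each line into a security event (severity, message ID, event type, endpoints), and then runs a simple detection over the normalized events. The sample lines, the `acl_deny`/`connection` event-type labels and the three-port threshold are assumptions made for the example.

```python
import re

# Constructed sample lines in the style of Cisco ASA syslog output (not real captures).
SAMPLE_LOG = """\
%ASA-4-106023: Deny tcp src outside:203.0.113.7/54321 dst inside:10.1.1.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:203.0.113.7/54322 dst inside:10.1.1.10/23 by access-group "OUTSIDE_IN" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:203.0.113.7/54323 dst inside:10.1.1.10/3389 by access-group "OUTSIDE_IN" [0x0, 0x0]
%ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.4/40000 (198.51.100.4/40000) to inside:10.1.1.20/443 (10.1.1.20/443)
%ASA-6-302014: Teardown TCP connection 4711 for outside:198.51.100.4/40000 to inside:10.1.1.20/443 duration 0:00:02 bytes 1532 TCP FINs
"""

# Syslog severity levels 0-7 as used in the %ASA-<sev>-<msgid> prefix.
SEVERITY_NAMES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
                  4: "warning", 5: "notification", 6: "informational", 7: "debugging"}

# Header: "%ASA-<severity>-<six-digit message id>: <body>"
HEADER_RE = re.compile(r"^%ASA-(?P<severity>[0-7])-(?P<msgid>\d{6}):\s*(?P<body>.*)$")

# Body of an access-list deny: "Deny <proto> src <zone>:<ip>/<port> dst <zone>:<ip>/<port> ..."
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src (?P<src_zone>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_zone>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

# Body of a connection Built/Teardown message; the optional "(ip/port)" NAT echo is skipped lazily.
CONN_RE = re.compile(
    r"(?P<action>Built|Teardown) (?:inbound |outbound )?(?P<proto>TCP|UDP) connection (?P<conn_id>\d+) "
    r"for (?P<src_zone>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) .*?"
    r"to (?P<dst_zone>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)


def parse_line(line):
    """Normalize one syslog line into an event dict, or return None if it is not an ASA message."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    sev = int(m["severity"])
    event = {"severity": sev, "severity_name": SEVERITY_NAMES[sev],
             "msgid": m["msgid"], "event_type": "other"}
    body = m["body"]
    d = DENY_RE.search(body)
    c = None if d else CONN_RE.search(body)
    if d:
        event["event_type"] = "acl_deny"      # assumed label for this example
        event.update(d.groupdict())
    elif c:
        event["event_type"] = "connection"    # assumed label for this example
        event.update(c.groupdict())
    # Ports and connection IDs are more useful as integers than as strings.
    for key in ("src_port", "dst_port", "conn_id"):
        if key in event:
            event[key] = int(event[key])
    return event


def parse_log(text):
    """Parse every line of a log blob, dropping lines that do not match the header pattern."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def find_scanners(events, min_ports=3):
    """Detection over normalized events: one source denied to >= min_ports distinct destination ports."""
    ports_by_src = {}
    for e in events:
        if e["event_type"] == "acl_deny":
            ports_by_src.setdefault(e["src_ip"], set()).add(e["dst_port"])
    return {ip: sorted(p) for ip, p in ports_by_src.items() if len(p) >= min_ports}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for e in evts:
        print(e["severity_name"], e["msgid"], e["event_type"], e.get("src_ip"), "->",
              e.get("dst_ip"), e.get("dst_port"))
    print("scan candidates:", find_scanners(evts))
```

Anchoring the header pattern with `^` and using named groups keeps the field extraction readable and makes a non-matching line fail loudly (it returns `None`) rather than silently producing an empty event; the detection step then operates only on the normalized fields, never on raw text.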
