Windows Logging for SOC
Start your Windows monitoring journey by learning how to use system logs to detect threats.
Explore key Linux log sources and learn how to use them in your SOC triage.
The Cyber Kill Chain framework is designed for the identification and prevention of network intrusions. You will learn what adversaries need to do in order to achieve their goals.
Overview: Remote logins from significantly different geolocations within a short timeframe (e.g., the same day) can be a legitimate activity or a potential security incident. This scenario is commo...
Overview of AV Alerts Investigation: When an AV system detects a potential threat, it generates logs with specific fields that help investigators triage, analyze, and respond. These logs are crucia...
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are critical security tools that monitor network traffic for suspicious or malicious activities. An IDS detects potential th...
Web Application Firewalls (WAFs) and web servers generate logs that are crucial for monitoring, detecting, and responding to traffic. WAF logs focus on security events, distinguishing between legal...
IP and port scanning are fundamental reconnaissance techniques used by attackers (or ethical hackers) to map out a network and identify potential vulnerabilities. When an attacker gains unauthorize...
Overview of DoS Attacks: A Denial-of-Service (DoS) attack is a cyber threat where an attacker disrupts the availability of a service, system, or network by flooding it with excessive traffic or exp...
Firewall logs are essential records generated by network firewalls to track connection attempts, traffic flows, and security events. They help in detecting anomalies, troubleshooting issues, invest...