This course is designed for analysts involved in daily response to potential cyber security incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow, and cover how to create efficient and complex queries. The course culminates with a lab where students use their new skills to profile a network.
Understand network flow and its role in cyber security
Use the SiLK Analysis tool suite to analyze network flow data
Profile network traffic using SiLK
Understand the specifics of the Einstein environment
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.