Implementing Security Monitoring and Logging
Section 1: Hands-On Demonstration
Part 1: Identify Failed Logon Attempts on Windows Systems
Make a screen capture showing the Security Event Properties dialog box on the vWorkstation.
​Part 2: Monitor Network Activity with Snort
Make a screen capture showing the updated Pass Lists page.
Make a screen capture showing the active Snort status on the LAN interface.
Make a screen capture showing the successful ping results.
Make a screen capture showing the ICMP alerts in the Snort Active Log.
​Section 2: Applied Learning
Part 1: Identify Failed Logon Attempts on Linux Systems
​Make a screen capture showing the edited rsyslog.conf file.
Make a screen capture showing the failed login attempts
Make a screen capture showing the last 10 log messages.
​Part 2: Monitor File Integrity with Tripwire
Make a screen capture showing the Object Summary section for the Tripwire report.
Section 3: Challenge and Analysis
Part 1: Identify Additional Event Types in the Event Viewer
Make a screen capture showing the Security Event Properties dialog box for an Audit Failure associated with Event ID 5061.
Part 2: Configure Snort as an Intrusion Prevention System
​Make a screen capture showing the Legacy Blocking Mode enabled on the LAN interface.