From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Network symptoms
- [Instructor] As a cybersecurity analyst, you need to be familiar with many of the signs and symptoms of a security incident. This information can help you identify that an incident is taking place, and also point you down the right avenues of investigation during incident analysis. Just like a physician takes a patient's vital signs and asks about physical symptoms when trying to diagnose a disease, security professionals must look at the signs and symptoms on their networks when diagnosing a security incident. Network traffic is a common source of valuable information about security incidents. Firewall logs, NetFlow records, and data from network performance monitoring tools may play a valuable role in diagnosing a security incident. As a cybersecurity analyst, you should practice reviewing these logs. Make sure that you don't only look at summaries of logs. You should also be capable of digging into the records…