Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Industrial Cybersecurity

You're reading from   Industrial Cybersecurity Efficiently monitor the cybersecurity posture of your ICS environment

Arrow left icon
Product type Paperback
Published in Oct 2021
Publisher Packt
ISBN-13 9781800202092
Length 800 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Pascal Ackerman Pascal Ackerman
Author Profile Icon Pascal Ackerman
Pascal Ackerman
Arrow right icon
View More author details
Toc

Table of Contents (26) Chapters Close

Preface 1. Section 1: ICS Cybersecurity Fundamentals
2. Chapter 1: Introduction and Recap of First Edition FREE CHAPTER 3. Chapter 2: A Modern Look at the Industrial Control System Architecture 4. Chapter 3: The Industrial Demilitarized Zone 5. Chapter 4: Designing the ICS Architecture with Security in Mind 6. Section 2:Industrial Cybersecurity – Security Monitoring
7. Chapter 5: Introduction to Security Monitoring 8. Chapter 6: Passive Security Monitoring 9. Chapter 7: Active Security Monitoring 10. Chapter 8: Industrial Threat Intelligence 11. Chapter 9: Visualizing, Correlating, and Alerting 12. Section 3:Industrial Cybersecurity – Threat Hunting
13. Chapter 10: Threat Hunting 14. Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing 15. Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications 16. Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections 17. Section 4:Industrial Cybersecurity – Security Assessments and Intel
18. Chapter 14: Different Types of Cybersecurity Assessments 19. Chapter 15: Industrial Control System Risk Assessments
20. Chapter 16: Red Team/Blue Team Exercises 21. Chapter 17: Penetration Testing ICS Environments 22. Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment
23. Chapter 18: Incident Response for the ICS Environment 24. Chapter 19: Lab Setup 25. Other Books You May Enjoy

Exercise 6 – Creating a breach detection dashboard in Kibana

Event log collection and correlation systems can bring in a ton of data. Our simple lab setup, for example, is pulling in around 1,000,000 events every 24 hours, and that is for a handful of systems and devices. The way we can deal with this much data is by using it to pinpoint areas of concern, events, or trends that seem suspicious. That is the kind of information we want to visualize so that an analyst can quickly assess if something fishy is going on. At this point, they will use all the other data we have been accumulating to find the smoking gun that proves an incident is occurring or as supporting data to perform forensics and incident response activities. The other way we can use this tremendous amount of detailed information is during threat-hunting exercises, which we will cover in Section 3, Threat Hunting.

Throughout this exercise, we will be adding widgets and visualizations to a custom dashboard within...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image