Curriculum
Course: Cyber Security

What to monitor?

Events can be collected from many different devices, so the first task is to decide what is actually worth monitoring. The goal is high-quality, relevant logs that let us detect and deter a threat actor quickly and that are hard for them to evade. The table below lists potential detection indicators together with how difficult each one is for an attacker to alter.

Indicator                               Difficulty to change
File checksums and hashes               Very Easy
IP Addresses                            Easy
Domain Names                            Simple
Network and Host Artifacts              Annoying
Tools                                   Challenging
Tactics, Techniques and Procedures      Hard

File checksums and hashes help identify known malware, but an attacker can change them with little effort. Network and host artifacts are harder to alter, and understanding a threat actor's Tactics, Techniques and Procedures (TTPs) lets defenders strengthen their defences against the attacks the actor actually carries out, such as spear-phishing and peer-to-peer networking.
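To make the table concrete, here is a small added example (written for this lesson, not code from the course or any product) that runs the same constructed intrusion through three detection levels: a hash list, an IP list, and a behavioural rule standing in for a TTP. The event records, hash values, IP addresses (taken from the documentation ranges) and the "Office application spawns a script host" rule are all constructed placeholders, not real indicators. The point it shows is that a recompiled payload and a new server defeat the two bottom rows of the table while the TTP rule still fires.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Event:
    """One constructed endpoint telemetry record (not a real log format)."""
    host: str
    parent: str         # parent process image name
    process: str        # child process image name
    file_bytes: bytes   # content of the executed payload
    remote_ip: str      # destination of the outbound connection


# Bottom rows of the table: indicators that are cheap for an attacker to change.
# Both values are constructed placeholders, not real IoCs.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"dropper build 1").hexdigest()}
KNOWN_BAD_IPS = {"203.0.113.10"}  # documentation range (TEST-NET-3)

# Top row of the table: a behavioural (TTP) rule. An Office application
# spawning a script host is the spear-phishing execution pattern the lesson
# mentions; to evade it the attacker has to change how they operate, not
# merely swap a file or an address. Process names are a constructed list.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def match_hash(ev: Event) -> bool:
    """Lowest level: exact match of the payload's SHA-256 against a blocklist."""
    return hashlib.sha256(ev.file_bytes).hexdigest() in KNOWN_BAD_SHA256


def match_ip(ev: Event) -> bool:
    """Second level: exact match of the destination address against a blocklist."""
    return ev.remote_ip in KNOWN_BAD_IPS


def match_ttp(ev: Event) -> bool:
    """Top level: parent/child relationship that encodes the actor's technique."""
    return ev.parent.lower() in OFFICE_APPS and ev.process.lower() in SCRIPT_HOSTS


def detect(ev: Event) -> list[str]:
    """Return the indicator levels that fire for one event, lowest level first."""
    checks = [("hash", match_hash), ("ip", match_ip), ("ttp", match_ttp)]
    return [name for name, check in checks if check(ev)]


def pyramid_demo() -> dict[str, list[str]]:
    """Run the same intrusion twice: as first observed, and after the actor
    recompiles the payload and moves to a new server. Both events are constructed."""
    first_seen = Event(
        host="ws01", parent="WINWORD.EXE", process="powershell.exe",
        file_bytes=b"dropper build 1", remote_ip="203.0.113.10",
    )
    # Two trivial changes: new build (new hash) and a new address (TEST-NET-2).
    retooled = Event(
        host="ws02", parent="WINWORD.EXE", process="powershell.exe",
        file_bytes=b"dropper build 2", remote_ip="198.51.100.7",
    )
    return {"first_seen": detect(first_seen), "retooled": detect(retooled)}


if __name__ == "__main__":
    for label, fired in pyramid_demo().items():
        print(f"{label:11s} -> fired: {fired or 'nothing'}")
```

Running the block prints that the first event trips all three levels while the retooled one trips only the TTP rule. In a real environment the hash and IP lists would come from threat intelligence feeds and the behavioural rule from a detection engine such as an EDR or SIEM, but the lesson's ordering holds regardless of tooling: the higher the row in the table, the more work the attacker has to do to avoid the alert.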