Conduct a research study using a virtualised infrastructure

UFCFFY-15-M Cyber Security Analytics

Assignment Task

The completion of Portfolio Task: Conduct a research study using a virtualised infrastructure to simulate attacks and identify these through a SIEM platform

Portfolio Task: Conduct a research study using a virtualised infrastructure to simulate attacks and identify these through a SIEM platform

For this task, you should use a virtualised infrastructure (e.g., DetectionLab or Splunk Attack Range).

You will need to conduct research to develop your study, to illustrate sample offensive attacks against the infrastructure. You could use Atomic Red Team for this, or you may choose an alternative approach such as connecting your own Kali instance to the infrastructure. You should then demonstrate from a 'blue team' perspective how a cyber security analyst could identify these attacks using a SIEM (e.g., Splunk).

Your portfolio submission for this task should be a written report (max. 2000 words), using either Jupyter notebook (Markdown) or Microsoft Word, that details your offensive attacks and your defensive investigation, showing clear screenshots of your study. You MUST document fully your use of any online/3rd party resources giving appropriate citation and recognition to existing works.

You are expected to conduct independent research in order to inform your work for this task. Using online resources, you will find information about suitable attack vectors and defensive strategies. You are expected to show that you are able to research these findings both to understand common attack vectors and also to understand how defensive strategies will help to identify these attacks, and introduce mitigations against their usage.

Attachment:- Cyber Security Analytics.rar
