Videos

For version 1.1
This video shows how to download, process, and explore the sample audit data showing normal activity. This video uses Audit Explorer version 1.1.
This video shows how to download, process, and explore the sample audit data showing someone trying to guess passwords on multiple services (doorknob rattling) until they get in. Then we figure out what they did once they got in. This video uses Audit Explorer version 1.1.
This video shows how to download, process, and explore the sample audit data showing a user logging into Eve's account, planting a Trojan horse, and installing some other suspicious files. We show that when detection and forensics are intimately linked it is much easier to move from an indication that something is suspicious to confirmation, and you know exactly what happened. This video uses Audit Explorer version 1.1.
This video shows how to download, process, and explore the sample audit data showing an Advanced Persistent Threat (APT) running when Bob logs in. The APT looks for recently updated files with the keyword "CLASSIFIED" and exfiltrates them out of the network. We show how to analyze this thread going forward, starting with a suspicious program and figuring out what it is doing, and backward, starting with a suspicious connection and finding out how it started and what data it carried. This video uses Audit Explorer version 1.1.
This video shows how to use the Audit Explorer Filter Editor to create a custom filter rule set and then use that rule set in Audit Explorer.
Unlike most of the other video tutorials, this is a more general purpose video discussing a particular cyber espionage threat (crossing your air gap into your sensitive networks). We include the video in this section because the video also shows how Audit Explorer and its Filter Editor can be used to address these types of threats.

For version 1.0
This video shows how to download, process, and explore the sample audit data showing normal activity.
This video shows how to download, process, and explore the sample audit data showing one or more people trying to break into the computer by entering passwords on many services.

This video shows how to download, process, and explore the sample audit data showing a user logging into Eve's account, planting a Trojan horse, and installing some other suspicious files.

This video shows how to download, process, and explore the sample audit data showing an Advanced Persistent Threat (APT) running when Bob logs in. The APT looks for recently updated files with the keyword "CLASSIFIED" and exfiltrates them out of the network.

This video shows how to download and install a suggested audit_control file for your computer. The audit_control file is primarily responsible for determining what audit information is collected. It also controls when the existing audit trail file is closed and a new one is started. Changing the audit_control file on your computer requires root privileges, so we use the Terminal app for several steps.

This video shows you one way to access the audit data on your own system in order to analyze it. It is pretty simple, but you need to escalate to root first.

@NetSquared_USA  copyright Net Squared, Inc., 2008-2013