05. Blue/DFIR Components: NETWORK
In this chapter, you will learn about different network data sources available in PurpleLabs. From Netflow to signature-less Zeek IDS and signature-based Suricata IDS to Full PCAP Capture based on Moloch/Arkime. True experience based on a real network with cool network visibility. Connect to your PurpleLabs VMS and generate the first network activities. Simple network behavior of your hosts (HASSH, JA3, DNS, NTP, ICMP, SMB, etc.) sounds like a great idea to learn more about network protocols and specific behaviors of Linux boxes in the context of running applications during an attack.
7 Lessons