Videos
For version 1.1
This video shows how to download, process, and explore the sample audit
data showing normal activity. This video uses Audit Explorer version 1.1.
This video shows how to download, process, and explore the sample audit
data showing someone trying to guess passwords on multiple services
(doorknob rattling) until they get in. Then we figure out what they did
once they got in. This video uses Audit Explorer version 1.1.
This video shows how to download, process, and explore the sample
audit data showing a user logging into Eve's account, planting a Trojan
horse, and installing some other suspicious files. We show that when
detection and forensics are intimately linked it is much easier to
move from an indication that something is suspicious to confirmation,
and you know exactly what happened.
This video uses Audit Explorer version 1.1.
This video shows how to download, process, and explore the sample
audit data showing an Advanced Persistent Threat (APT) running when
Bob logs in. The APT looks for recently updated files with the keyword
"CLASSIFIED" and exfiltrates them out of the network.
We show how to analyze this threat going forward, starting with a
suspicious program and figuring out what it is doing, and backward,
starting with a suspicious connection and finding out how it started
and what data it carried.
This video uses Audit Explorer version 1.1.
This video shows how to use the Audit Explorer Filter Editor to create
a custom filter rule set and then use that filter rule set in
Audit Explorer.
Unlike most of the other video tutorials, this is a more general purpose
video discussing a particular cyber espionage threat (crossing
your air gap into your sensitive networks). We include the video in
this section because the video also shows how Audit Explorer and its
Filter Editor can be used to address these types of threats.
For version 1.0
This video shows how to download, process, and explore the sample audit
data showing normal activity.
This video shows how to download, process, and explore the sample
audit data showing one or more people trying to break into the
computer by entering passwords on many services.
This video shows how to download, process, and explore the sample
audit data showing a user logging into Eve's account, planting a Trojan
horse, and installing some other suspicious files.
This video shows how to download, process, and explore the sample
audit data showing an Advanced Persistent Threat (APT) running when
Bob logs in. The APT looks for recently updated files with the keyword
"CLASSIFIED" and exfiltrates them out of the network.
This video shows how to download and install a suggested audit_control
file for your computer. The audit_control file is primarily
responsible for determining what audit information is collected. It
also controls when the existing audit trail file is closed and a
new one is started. Changing the audit_control file on your
computer requires root privileges, so we use the Terminal app
for several steps.
This video shows you one way to access the audit data on your
own system in order to analyze it. It is pretty simple, but you
need to escalate to root first.