CySA+ Tools
SIEM - ANS-utilities that receive information from log files of critical systems and
centralize the collection and analysis of this data.
ArcSight - ANS-SIEM Example
Offers multiple models
Can generate compliance reports for HIPAA, SOX and PCI-DSS
QRadar - ANS-SIEM Example
helps eliminate noise by applying advanced analytics to chain multiple incidents
together and identify security offenses requiring action.
Splunk - ANS-SIEM Example
Uses machine-driven data imported by connectors or add-ons.
Premises-based or cloud-based solution.
AlienVault - ANS-SIEM Example
goes beyond traditional SIEM software with all-in-one security essentials and integrated
threat intelligence.
OSSIM - ANS-SIEM Example; open-source version of AlienVault
Kiwi Syslog - ANS-Log Management software
Gathers log data and SNMP
very cheap
lacks features
Network Scanning/Scanners - ANS-These map a network or derive a rough picture of the
locations of devices and firewalls and their relationships to one another.
Nmap - ANS-Network Scanner Example
Stealthy; can be used for attacks
Locates the devices, locates the open ports on the devices, and determines the OS on
each host.
Vulnerability Scanner(ing) - ANS-probe for a variety of security weaknesses, including
misconfigurations, out-of-date software, missing patches, and open ports. These
solutions can be on premises or cloud based.
Qualys - ANS-Vulnerability Scanner Example
Cloud based
Sensors are placed in the network then data is sent to the cloud
Nessus - ANS-Vulnerability Scanner Example
Very popular (free for personal use)
OpenVAS - ANS-Vulnerability Scanner Example
Open source (based on Nessus)
Nexpose - ANS-Vulnerability Scanner Example
Free and paid versions (Rapid7)
Supports compliance reporting
Nikto - ANS-Vulnerability Scanner Example
Dedicated to Web Servers
Is a Linux command line tool that comes with 300+ pen test tools
Microsoft Baseline Security Analyzer (MBSA) - ANS-Vulnerability Scanner Example
Free Download for Windows
Packet Capture (PCAP) - ANS-Called Sniffing or Eavesdropping
Occurs when an attacker attaches or inserts a device or software into the
communication medium to collect all the information transmitted over the medium.
Protocol analyzers - ANS-Another name for sniffers (PCAP); they collect raw packets from the
network.
Wireshark - ANS-Protocol Analyzer Example (sniffer)
captures raw packets off the interface on which it is configured and allows you to
examine each packet.
tcpdump - ANS-Protocol Analyzer Example (sniffer)
Command-line tool that can capture packets on Linux and Unix platforms. A version for
Windows, WinDump, is available as well.
Network General - ANS-Protocol Analyzer Example (sniffer)
Old Sniffer