mod4C01_M04Module ConclusionModule Conclusionlinks../C01_M04/assets/coursemap.swfcourseMenuBtnCourse menu. Select this button to access the course menu.MainMenuButtonClickedmoduleMapBtnLesson Map. Select this button to access the lesson map.CourseMapButtonClickedglossaryBtnGlossaryGlossary. Select this button open the glossary.GlossaryButtonClickedresourcesBtnResources. Select this button open the resources.ResourcesButtonClickedexitBtnExit. Select this button to exit the course.ExitButtonClickedreplayBtnReplay. Select this button to replay the current screen.ReplayButtonClickedpauseBtnPause. Select this button to pause the course.PauseButtonClickedresumeBtnResume. Select this button to resume the course.ResumeButtonClickedpreviousPgBtnPrevious PagePrevious. Select this button to go to the previous screen.PreviousButtonClickednextPgBtnNext PageNext. Select this button to go to the next screen.NextButtonClickedSummary and Conclusiondisacnd04_011Now that you've learned about a methodology for conducting CND analysis, let's check in on Pat, the CND analyst that we met at the beginning of this module. Pat continues to see numerous IDS alerts each day. As before, there are some days when the alerts just trickle in and other days when they never seem to stop. On this day, the alerts have again been coming in with alarming frequency, but armed with a methodology to structure the analysis process, she is now better prepared to handle the growing queue of alerts. Instead of sending these alerts directly up the chain of command, she is looking to other sources of data to correlate the increasing volume of alert data. She is also consulting with other members of the CND team to develop hypotheses, validate theories, and create a narrative. She has been able to confirm that a successful intrusion has occurred, so right away, she reports up the chain of command that immediate action must be taken to mitigate and contain the threat. With a focused initial report and recommendation, Pat's superiors are able to deploy a system-wide lockdown that stops the adversary in his tracks. The threat has been mitigated for now, but Pat's job is not done. She continues with a full investigation, conducting the necessary research and analysis to provide context to the alert data and support several possible theories to explain the incident. As continued analysis provides further insight into the incident, her theories evolve until she is able to compile a detailed report that tells the story of the incident from beginning to end. Pat's final report contains multiple theories along with data and a narrative to support each one. Her report also contains descriptions of the methods used to gather and compile that data, a vulnerability analysis, and recommendations on how to prevent similar compromises in the future. With the context provided by her full analysis, her superiors are able to act on the report and implement system-wide eradication and remediation measures. At the end of the day, Pat's work in ensuring a quick response to the threat event combined with her knowledge, skills, and judgment have proven her to be a capable CND analyst. Rich Media Text Description, Course: D O D Intrusion Detection System (I D S) Analysis, Part 3, Module 1: C N D Analysis: A Structured Approach to Intrusion Analysis, Lesson 4: Module Conclusion, For each screen you will hear a description. The description is cued by an audio tone. Listen to the description, and then select the play audio narration button to continue. Screen 1 of 3. Lesson title: Module Conclusion. Topic title: Summary and Conclusion. Screen title: Review. Reprised image displays of female analyst named Pat. Images and text display in support of audio. Image displays on screen of e-mail message to supervisor. Message reads as follows: Dave, The I D S is going berserk! The alert traffic is alarming, and indicators point to a successful intrusion. Analysis of the incident is ongoing, but you are advised to take immediate action to secure the network. The initial findings are attached. Sincerely, Pat, C N D Analyst.Summary and ConclusionSummarydisacnd04_022In this lesson, we will review what you have learned in this module. Lesson 2, Understanding Your Role in CND Analysis, reviewed the concept of analysis, discussed the role of the analyst in conducting analyses, explained the value of taking a structured approach to analysis, and introduced an analysis methodology for you to incorporate into your existing analysis processes. Lesson 3, An Approach to CND Analysis, examined the analysis methodology in depth, discussing each phase of the methodology and explaining how the methodology can be used to augment your existing analysis processes. Summarydisacnd04_02_012Summarydisacnd04_02_022Screen 2 of 3. Screen title: Summary. Two images display on screen to represent each of the content lessons presented in this module. One is labeled Understanding your Role in C N D Analysis. The other is labeled An Approach to C N D Analysis. Text displays as follows: References to open source or freeware in this training product are for training purposes only, and should not be considered endorsements of these products. Please check with your command, service, or agency for guidance on the use of these products.Conclusiondisacnd04_033Congratulations! You have completed the CND Analysis: A Structured Approach to Intrusion Analysis module. You should now be able to identify the role of the CND analyst in the analysis of CND information. You should also be able to analyze a narrative to determine whether it fully explains a CND incident, and you should be able to apply the recommended CND analysis methodology to your analysis of a CND incident. Screen 3 of 3. Screen title: Conclusion. Congratulations text displays. Text displays in support of audio. Objectives bullets change to checkmarks in sync with audio.