1
00:00:00,960 --> 00:00:09,600
In this lecture I will give a brief introduction about Sguil and Squert. So Sguil is an intuitive

2
00:00:09,720 --> 00:00:16,240
GUI that provides access to real-time events, session data and raw packet captures.

3
00:00:16,530 --> 00:00:23,850
It gives information about the following data types: NIDS alerts from Snort or Suricata, HIDS alerts from

4
00:00:23,880 --> 00:00:31,420
OSSEC, asset data from PRADS and logs from Bro.

5
00:00:31,560 --> 00:00:36,110
You can pivot from Sguil to other tools and websites for more analysis.

6
00:00:36,210 --> 00:00:37,240
For example:

7
00:00:37,440 --> 00:00:43,270
Transcript, where an ASCII decode of the raw packet data will be displayed.

8
00:00:43,590 --> 00:00:50,730
Wireshark, where the raw packet capture file will be opened for analysis in this well known packet

9
00:00:50,790 --> 00:01:00,060
analysis tool. NetworkMiner, which provides a tab-based report of the host IP addresses, DNS transactions,

10
00:01:00,330 --> 00:01:06,240
files, emails, credentials and other artifacts within the pcap.

11
00:01:07,510 --> 00:01:17,440
Bro, that performs ASCII decode and more, such as decoding HTTP traffic. VirusTotal, which aggregates many

12
00:01:17,440 --> 00:01:25,900
antivirus products and online scan engines to check for viruses that the user's own antivirus may have

13
00:01:25,900 --> 00:01:35,610
missed, or to fortify against any false positives. Kibana or ELSA, which are SIEMs, or Security Information

14
00:01:35,640 --> 00:01:38,460
and Event Management applications.

15
00:01:39,450 --> 00:01:49,000
And many other tools and websites. Sguil is efficient since it allows you to classify or categorize

16
00:01:49,000 --> 00:01:55,910
events quickly or escalate them to be analyzed by a senior analyst if necessary.

17
00:01:56,470 --> 00:02:04,330
It can also display alerts in real time, and the events in Sguil can be categorized into seven categories:

18
00:02:05,410 --> 00:02:14,360
unauthorized root access, unauthorized user access, attempted unauthorized access, successful denial

19
00:02:14,390 --> 00:02:25,220
of service attack, poor security practice or policy violation, reconnaissance probes or scans, and virus

20
00:02:25,250 --> 00:02:34,950
infections. And we can escalate the events as we have said, or classify them as NA, or no further action

21
00:02:34,980 --> 00:02:35,850
is needed,

22
00:02:35,850 --> 00:02:44,680
if we think that they are false positives. And we can add comments while categorizing events, so it can

23
00:02:44,710 --> 00:02:51,100
help our colleagues and save their time in future when working on events.

24
00:02:51,490 --> 00:02:59,440
And finally you can create an autocat to classify specific traffic automatically for a specified period

25
00:02:59,470 --> 00:03:08,900
of time rather than doing that manually. And we have another tool that shares the same database with

26
00:03:08,900 --> 00:03:17,390
Sguil but provides a different interface, which is Squert. So Squert is a web application that is used

27
00:03:17,390 --> 00:03:23,450
to query and view event data stored in its database, and we can perform

28
00:03:23,540 --> 00:03:32,180
typically the same things as in Sguil, such as grouping and pivoting of events into other

29
00:03:32,180 --> 00:03:36,110
tools and websites and categorizing events.

30
00:03:36,650 --> 00:03:42,920
So in this lecture I have given a brief introduction about Sguil and Squert, and in the next lecture

31
00:03:43,160 --> 00:03:45,920
I will start explaining how to use Sguil.