Cyber Defense Monitoring Solutions
BASIC DATA
course listing
A - main register
course code
ITX8071
course title in Estonian
Monitooringulahendused küberkaitses
course title in English
Cyber Defense Monitoring Solutions
course volume CP
4.00
ECTS credits
6.00
to be declared
yes
assessment form
Examination
teaching semester
autumn
language of instruction
Estonian
English
Study programmes that contain the course
code of the study programme version
course compulsory
IAVM23/25
no
IVCM25/25
no
Structural units teaching the course
IT - Department of Software Science
VERSION SPECIFIC DATA
course aims in Estonian
Give an overview of monitoring techniques and monitoring solutions in cyber defense
course aims in English
Give an overview of monitoring techniques and solutions in cyber defense
learning outcomes in the course in Est.
A student who has completed the course:
* has an overview of the principles of log collection and of logging standards (BSD and IETF syslog)
* can configure the UNIX logging software syslogd, rsyslog and syslog-ng
* can filter packets and generate log messages using the netfilter firewall
* knows the different dialects of the regular expression language (ERE and Perl dialects) and their application in log monitoring
* has an overview of the principles of event correlation
* can correlate events using Simple Event Correlator and use it to detect and respond to attacks with various event correlation techniques
* has an overview of network-based intrusion detection and intrusion prevention systems (network IDS/IPS)
* can use the Snort IDS/IPS solution to detect and prevent attacks
learning outcomes in the course in Eng.
On completion of the course the student:
* has an overview of the principles and standards of log collecting (BSD and IETF syslog)
* can tune the UNIX logging software syslogd, rsyslog and syslog-ng
* is able to filter network packets and generate log messages using the netfilter firewall
* knows different dialects of the regular expression languages (ERE, Perl) and is able to use these in log monitoring
* has an overview of the event correlation principles
* is able to correlate events using Simple Event Correlator and use it for discovering and responding to attacks using different correlation techniques
* has an overview of the network-based intrusion detection and prevention systems (network IDS/IPS)
* is able to use Snort for intrusion detection and prevention
brief description of the course in Estonian
Main monitoring solutions and techniques in cyber defense. Generating logs and events from firewalls, IDS/IPS sensors, servers, and applications. Collecting and monitoring logs and events, detecting and preventing attacks.
brief description of the course in English
Main monitoring solutions and techniques in cyber defense. Log and event generation for firewalls, IDS/IPS sensors, services, and applications. Collecting and monitoring logs and events. Intrusion detection and prevention.
type of assessment in Estonian
individual work, exam
type of assessment in English
individual work, exam
independent study in Estonian
home assignments
independent study in English
home assignments
study literature
.
study forms and load
daytime study: weekly hours
4.0 (lectures 2.0, practices 2.0, exercises 0.0)
session-based study work load (in a semester):
lectures -, practices -, exercises -
lecturer in charge
-
LECTURER SYLLABUS INFO
semester of studies
teaching lecturer / unit
language of instruction
Extended syllabus
2025/2026 autumn
Risto Vaarandi, IT - Department of Software Science
English
itx8071-assessment-eng.pdf
2024/2025 autumn
Risto Vaarandi, IT - Department of Software Science
English
2023/2024 autumn
Risto Vaarandi, IT - Department of Software Science
English
2022/2023 autumn
Risto Vaarandi, IT - Department of Software Science
English
2021/2022 autumn
Risto Vaarandi, IT - Department of Software Science
English
2020/2021 autumn
Risto Vaarandi, IT - Department of Software Science
English
2019/2020 autumn
Risto Vaarandi, IT - Department of Software Science
English
2018/2019 autumn
Risto Vaarandi, IT - Department of Software Science
English
2017/2018 autumn
Risto Vaarandi, IT - Department of Software Science
English
2016/2017 autumn
Risto Vaarandi, IT - Department of Software Science
English
2015/2016 autumn
Risto Vaarandi, IT - Department of Software Science
English