Palo Alto Networks: Advanced Threat Detection
In this lab you will use the Palo Alto Networks VM-Series deployed as an Intrusion Detection System (IDS) in Google Cloud.
Google Cloud Packet Mirroring clones the network packets of specific instances in your Virtual Private Cloud (VPC) network and forwards that cloned network packet to the VM-Series for examination. Packet Mirroring captures all ingress and egress traffic and packet data, such as payloads and headers.
IDS is a primary use case for Packet Mirroring in Google Cloud. You can use the VM-Series as an IDS to analyze mirrored traffic to detect all threats or anomalies, and provide an additional layer of security protections. Additionally, you can inspect the full traffic flow to detect application performance issues.
What you'll do
- Review Google Cloud Packet Mirroring setup for VM-Series
- Monitor the malicious activities at the VM-Series
- Browse to a juice-shop web page
- Perform SQL Injection attacks at the juice-shop website
- Exploit a Jenkins instance from a Linux instance
- Test two more security features of VM-Series
- Antivirus - Download a test virus file from an Linux instance
- URL Filtering - access a hacking website from a Linux instance
The VM-Series firewall, Google Cloud VPC Packet Mirroring, Jenkins Server, Juice Shop web server and Kali Linux server will be pre configured for you.
Join Qwiklabs to read the rest of this lab...and more!
- Get temporary access to the Google Cloud Console.
- Over 200 labs from beginner to advanced levels.
- Bite-sized so you can learn at your own pace.