Student Name (s): 
Course: 
Professor: 
Chapter #: 2
Due Date: 

-0.5 points

Remember that students can select 2 of the 3 chapters per session; however, those who choose to complete all the chapters will be awarded extra credit as per the syllabus. Save your file in the following format: NWIT247_Team#_Chapter#. One template per chapter. Submit any extra credit work along with your submission and assign one person in your team to upload all the documents at once. Extra credit will only be applied when the first 2 chapters have been fully completed. Proofread your work; otherwise, the resubmission policy applies if you need to resend an updated version.

0.5 points

Chapter Summary:

Detailed summary outlining the highlights of the chapter

Chapter # and Title: Chapter 2: IR Management Handbook

Chapter Concepts:
  • What Are the Goals of Incident Response?
  • Who Is Involved in the IR Process?
  • The Incident Response Process

Details as to why this is a highlight:
  • Goals: This section explains the main goal of incident response, which is to remove a threat entirely from an organization’s network while reducing damage and restoring operations as soon as possible. To accomplish this goal, we are reminded that both investigation and remediation are needed.
  • Who Is Involved: This section details who exactly is part of the incident response team, and that it is made up of personnel from other disciplines besides cybersecurity. These disciplines can include human resources personnel, legal counsel, public relations, business managers, and other employees who may find themselves involved when responding to an incident.
  • The Process: This section details the individual steps taken to achieve the goals of incident response. There are three main steps, initial response, investigation, and remediation, with dedicated personnel for each step.

0.5 points

Cyber Event Related to This Chapter (2019 and forward): Provide summary of what this event was about and how it relates to the chapter contents.

Event Date/Year: July 2020
Event Title: Twitter Spear Phishing Attack
Description of Event: Hackers targeted Twitter employees by calling them and asking for login credentials while posing as colleagues. They gained access to the company’s internal support system and used this access to target more employees, later gaining control of several famous Twitter users’ accounts. They then tweeted from each of the accounts that they were doing a Bitcoin giveaway, tricking unsuspecting followers into sending them Bitcoin in the belief that it would be sent back doubled.
Relationship of Event to Chapter Contents: This attack is the very definition of a cyber incident. It was an unauthorized and unlawful action involving the use of Twitter’s internal systems to gain access to celebrity accounts, which were then used to complete the hackers’ mission of stealing Bitcoin.

Technology (Software / Tool) Related to the Chapter Contents: The technology of your choice will be related to the chapter contents. The chapters reference various software. You can select any of the software mentioned or one of your choice. You will need to demonstrate your work by providing detailed steps and screenshots for each step taken to demonstrate how the technology works. This entails installing, configuring, and running the software.

0.25 points

Chapter #: 2
Software Referenced in the Chapter: OpenIOC, Yara, Snort
Software Chosen: Snort
Version Installed: 2.9.20
Latest Version Available: 2.9.20
Open Source? Yes ☒ No ☐
Trial Version? Yes ☐ No ☒
OS Compatibility: Windows 7/8/10/11
OS Used: Windows 11


To demonstrate your work, provide detailed steps and screenshots for each step taken for each of the following:

0.5 points

Installation

  1. Open your favorite browser (Chrome, Firefox, Internet Explorer, Edge…).
  2. Navigate to snort.org.
  3. Under Get Started, choose Windows and download the .exe file.
  4. Once the file is downloaded and the executable is running, you will be presented with the installer's welcome screen.
  5. Read through the license agreement and, once you are done, click “I Agree”. There are three components to install: Snort itself, the dynamic modules, and the documentation. Click Next to continue.
  6. Choose the location to install Snort, or leave it in the default folder, C:\Snort; the install only requires about 7.5 megabytes. Once you click Next, the installation completes very quickly.
  7. Click Close and then OK to finish the installation. You can click Show details to see which files were generated.
  8. In the Windows search bar, type cmd and run Command Prompt as an administrator. Navigate to the c:\snort\bin folder, where the binaries are kept. If you run snort.exe now, it fails because WinPcap is not installed.
  9. To fix this, if you are running Windows 8 or earlier, navigate to https://www.winpcap.org/install/ in your browser and download the Windows installer.
  10. Once the file is downloaded and the executable is running, click Next on the welcome screen.
  11. Read the license agreement and accept it by clicking “I Agree”.
  12. Make sure “Automatically start the WinPcap driver at boot time” is selected. Click Install and then Finish. Once the installation is complete, restart the computer to ensure that all the drivers are installed properly.
  13. Warning: if you are running Windows 10 or later and encounter issues running Snort after this installation, it is because WinPcap is no longer supported. A compatible alternative, Npcap, can be downloaded and installed from https://nmap.org/npcap/#download.

When installing Npcap, use the latest version (1.7 at the time of writing) and make sure the WinPcap API-compatible mode option is enabled in the installer.

  14. You can now open a Windows terminal to verify that the software runs properly.

0.5 points

Configuration

  1. After installing Snort on Windows 11, the next important step is configuring it.
  2. Navigate to https://www.snort.org/downloads#rules to download the latest rules.
  3. The subscriber rules are only available to registered users. Extract the file to a folder on your computer.
  4. Copy all files and directories from the extracted \etc folder to the corresponding Snort directories. For example, copy everything from etc\snort\rules (in the downloaded folder) to c:\snort\etc\rules.
  5. Once you have done that, you can start the configuration process.
  6. The etc folder contains all configuration files; the most important one is snort.conf. We will use Notepad to edit it.
  7. First, set the home network IP range, which in my case is 192.168.7.0/24:  ipvar HOME_NET 192.168.7.0/24
  8. Set the external network to anything that is not the home network:  ipvar EXTERNAL_NET !$HOME_NET
  9. Define the directories for the rules and the preprocessor rules:

var RULE_PATH c:\snort\rules

#var SO_RULE_PATH ../so_rules

var PREPROC_RULE_PATH c:\snort\preproc_rules

  10. Set up the whitelist and blacklist paths; they will be in Snort’s rules folder:

var WHITE_LIST_PATH c:\snort\rules

var BLACK_LIST_PATH c:\snort\rules

  11. Enable the log directory so that logs are stored in our log folder. Uncomment this line and set the absolute path to the log directory:

config logdir: c:\snort\log

  12. Set the path to the dynamic preprocessors:  dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
  13. Set the path to the dynamic engine:  dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
  14. Leave the dynamic detection directory line commented out (its default is a Linux path):  # dynamicdetection directory /usr/local/lib/snort_dynamicrules
  15. Comment out the following lines as shown in figure 19; doing so disables inline packet normalization, which, as the comment in the file notes, does nothing in IDS mode:

# Inline packet normalization. For more information, see README.normalize

# Does nothing in IDS mode

#preprocessor normalize_ip4

#preprocessor normalize_tcp: block, rsv, pad, urp, req_urg, req_pay, req_urp, ips, ecn stream

#preprocessor normalize_icmp4

#preprocessor normalize_ip6

#preprocessor normalize_icmp6

  16. Scroll down to the reputation preprocessor. We will only change the file names, since the white list and black list are not rules; they are just lists of IP addresses labelled as white or black:

whitelist $WHITE_LIST_PATH\white_list, \

   blacklist $BLACK_LIST_PATH\black_list

  17. Under the site-specific rules, change the backslashes to forward slashes in the line include $RULE_PATH\local.rules.
  18. Do the same for the include lines under the decoder and preprocessor event rules.
  19. Verify that the following line is present at the bottom of snort.conf, then save the file:

include threshold.conf

  20. Recall from Step 10 that the white list and black list are not rules, just lists of IP addresses labelled as white or black. Right now these files do not exist in our rule path, which is why we have to create them manually and save them in C:\Snort\rules. The file names must match the names given to the reputation preprocessor in snort.conf, otherwise the preprocessor cannot open them.

Go to Notepad++ and create a new file.

Add the comment #White-listed IPs.

Name the file white.list and save it.

Create another new file.

Add the comment #Black-listed IPs.

Name the file black.list and save it.
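The edits above are easy to get subtly wrong: a list file named differently from what the reputation preprocessor expects, an include line still using backslashes, or a Linux path left active. The following script is an added example (not part of the assignment and not Snort’s own code) that parses the directives the walkthrough touches from a snort.conf excerpt and reports those mistakes before you run snort -T. The snort.conf excerpt and the rules-folder listing are constructed sample input; the include line deliberately still uses a backslash so the check has something to find.

```python
"""Sanity checks for the snort.conf edits described in the configuration steps.

Added example, not part of the original assignment or of Snort itself. It
parses the directives the walkthrough edits and flags: HOME_NET left unset,
EXTERNAL_NET not set to !$HOME_NET, a Linux path left active, include lines
still using backslashes, and whitelist/blacklist names that do not match the
files actually present in the rules folder.
"""
import re

# Constructed excerpt of a snort.conf after the walkthrough's edits (the
# forward-slash step has not been applied to the include line yet).
SAMPLE_CONF = r"""
ipvar HOME_NET 192.168.7.0/24
ipvar EXTERNAL_NET !$HOME_NET
var RULE_PATH c:\snort\rules
#var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH c:\snort\preproc_rules
var WHITE_LIST_PATH c:\snort\rules
var BLACK_LIST_PATH c:\snort\rules
config logdir: c:\snort\log
dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
#preprocessor normalize_ip4
preprocessor reputation: \
   memcap 500, \
   priority whitelist, \
   nested_ip inner, \
   whitelist $WHITE_LIST_PATH\white_list, \
   blacklist $BLACK_LIST_PATH\black_list
include $RULE_PATH\local.rules
include threshold.conf
"""

# Constructed listing of C:\Snort\rules after creating white.list and
# black.list in Notepad++ (note: not white_list / black_list).
SAMPLE_RULES_DIR = {"local.rules", "white.list", "black.list"}


def parse_conf(text):
    """Return (variables, directives): var name -> value, and the active
    (non-comment) directive lines with backslash line continuations joined."""
    joined = re.sub(r"\\\s*\n\s*", " ", text)  # fold "\" continuations
    variables, directives = {}, []
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(ipvar|portvar|var)\s+(\w+)\s+(.+)", line)
        if m:
            variables[m.group(2)] = m.group(3).strip()
        directives.append(line)
    return variables, directives


def expand(value, variables):
    """Substitute $NAME references using the parsed variables."""
    return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), value)


def check_conf(text, rules_dir_files):
    """Return a list of findings; an empty list means the excerpt is clean."""
    variables, directives = parse_conf(text)
    findings = []
    if variables.get("HOME_NET", "any") == "any":
        findings.append("HOME_NET is not set; rules keyed on $HOME_NET match everything")
    if variables.get("EXTERNAL_NET") != "!$HOME_NET":
        findings.append("EXTERNAL_NET should be !$HOME_NET so inbound traffic counts as external")
    for line in directives:
        if "/usr/local" in line:
            findings.append(f"Linux path left active on Windows: {line}")
        if line.startswith("include") and "\\" in line:
            findings.append(f"include uses backslashes; use forward slashes: {line}")
        if line.startswith("preprocessor reputation"):
            for kind in ("whitelist", "blacklist"):
                m = re.search(rf"{kind}\s+(\S+?),?(\s|$)", line)
                if m:
                    fname = re.split(r"[\\/]", expand(m.group(1), variables))[-1]
                    if fname not in rules_dir_files:
                        findings.append(
                            f"{kind} file '{fname}' named in snort.conf is not in the rules folder")
    return findings


if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF, SAMPLE_RULES_DIR):
        print("FINDING:", finding)
```

Run against a real file by reading C:\Snort\etc\snort.conf and passing os.listdir of the rules folder; the three findings on the constructed sample (two list-name mismatches and the backslash include) are exactly the kind of errors snort -T reports one at a time.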

1 point

Verification | Running the Software: How the software works and that it works as intended as related to the chapter contents

  1. Let’s verify the software is running with the following two commands:

snort -W

[Screenshot: output of snort -W listing the available interfaces]

snort -i 1 -c C:\Snort\etc\snort.conf -T

[Screenshot: output of the configuration test]

  2. To conclude, we will add some basic rules to Snort and do some monitoring.

To add rules, navigate to c:\snort\rules and open the local.rules file with your favorite text editor. Modify it as shown in the screenshot:

[Screenshot: edited local.rules]

  3. Open a command line and type the following command: snort -i 1 -c c:\snort\etc\snort.conf -A console

The number “1” is the interface that is being used. In my case I am using interface 6. The program will keep running and you will see packets being processed. To stop the program, press Ctrl + C.

[Screenshot: console output while Snort processes packets]
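Because the edited local.rules only survives as a screenshot, here is an added example (not the assignment’s rules and not Snort code) of a small local.rules file together with a linter that parses the Snort 2 rule header and options, checks what snort -T would complain about (missing sid or msg, duplicate sids, sids below the local range), and shows which rules would match a constructed connection tuple so the effect of $HOME_NET and $EXTERNAL_NET is visible. The rules, the HOME_NET value and the tuples are constructed; option splitting is naive and does not handle semicolons inside quoted content.

```python
"""Parse and lint a local.rules file and show which rule headers match a 5-tuple.

Added example, not part of the assignment or of Snort. The rules below are
constructed; the last one deliberately reuses sid 1000001 so the linter has
a duplicate to report.
"""
import ipaddress
import re

SAMPLE_LOCAL_RULES = r"""
# Test rules for the home lab
alert icmp any any -> $HOME_NET any (msg:"ICMP echo to home net"; itype:8; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Inbound SSH attempt"; flags:S; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"Outbound to port 4444"; sid:1000003; rev:1;)
alert udp any any -> any 53 (msg:"DNS query seen"; sid:1000001; rev:2;)
"""

VARS = {"HOME_NET": "192.168.7.0/24"}  # mirrors ipvar HOME_NET in snort.conf

RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def parse_rules(text):
    """Return (rules, errors); each rule is the header fields plus an options dict."""
    rules, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            errors.append(f"line {n}: not a parseable rule")
            continue
        rule = m.groupdict()
        opts = {}
        for opt in filter(None, (o.strip() for o in rule["opts"].split(";"))):
            key, _, val = opt.partition(":")  # naive: no ';' inside quotes
            opts[key.strip()] = val.strip().strip('"')
        rule["opts"], rule["line"] = opts, n
        rules.append(rule)
    return rules, errors


def lint(rules):
    """Flag rules Snort would reject or that break local-rule conventions."""
    findings, seen = [], {}
    for r in rules:
        sid = r["opts"].get("sid")
        if sid is None:
            findings.append(f"line {r['line']}: rule has no sid")
        elif sid in seen:
            findings.append(f"line {r['line']}: sid {sid} already used on line {seen[sid]}")
        else:
            seen[sid] = r["line"]
            if int(sid) < 1000000:
                findings.append(f"line {r['line']}: sid {sid} is below the local-rule range (>= 1000000)")
        if "msg" not in r["opts"]:
            findings.append(f"line {r['line']}: rule has no msg")
    return findings


def addr_matches(spec, ip):
    """Does an address spec (any, $HOME_NET, !$HOME_NET, $EXTERNAL_NET, CIDR) cover ip?"""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec == "$EXTERNAL_NET":  # defined as !$HOME_NET in the walkthrough's snort.conf
        spec, negate = "$HOME_NET", not negate
    if spec.startswith("$"):
        spec = VARS[spec[1:]]
    hit = ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negate


def port_matches(spec, port):
    return spec == "any" or int(spec) == port


def matching_sids(rules, proto, src, sport, dst, dport):
    """Return the sids whose header matches the given (constructed) 5-tuple."""
    return [r["opts"]["sid"] for r in rules
            if r["proto"] == proto
            and addr_matches(r["src"], src) and port_matches(r["sport"], sport)
            and addr_matches(r["dst"], dst) and port_matches(r["dport"], dport)]


if __name__ == "__main__":
    rules, errors = parse_rules(SAMPLE_LOCAL_RULES)
    print("errors:", errors, "lint:", lint(rules))
    print("inbound SSH ->", matching_sids(rules, "tcp", "10.0.0.5", 51000, "192.168.7.10", 22))
```

Only the header is evaluated here; payload options such as flags or itype are parsed but not matched, which is enough to see why a rule written with $HOME_NET on the wrong side never fires on the traffic you expect.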

0.5 points

Best Practice: Provide details on how to mitigate against the cyber event chosen (as per section above).

Event Date/Year: July 2020
Event Title: Twitter Spear-Phishing Attack
Mitigation Against Cyber Event Chosen: This attack could have been mitigated if the initial employee who gave out their credentials had been properly trained on the company’s policies and had never shared their credentials.

-1 points

Bibliography (MLA or APA format only): Include all resources used (Textbook for specific chapter used, YouTube videos, software downloads, Internet resources, etc.). Be sure to also include the link as appropriate.

Snort is an intrusion detection system that can be installed on Windows or Linux. It sniffs packets and acts as a packet logger. Snort can intercept all the TCP/IP traffic coming in and out of the operating system in real time, and is accepted as the de facto tool for network-based IOCs.

The program allows you to define advanced rules to check for indicators of compromise or indicators of attack. You can then apply a lot of processing and rule-based engine classification to see what kind of attacks are going on.

YouTube. (2016, May 10). Install snort 2.9.8 on windows. YouTube. Retrieved June 29, 2022, from https://www.youtube.com/watch?v=RwWM0srLSg0

Installing snort on windows. Installing Snort on Windows | Installing Snort from Source on Unix. (n.d.). Retrieved June 29, 2022, from https://flylib.com/books/en/2.12.1/installing_snort_on_windows.html

SathiyaMoorthy. (2010, August 6). Snort: 5 steps to install and configure snort on linux. The Geek Stuff. Retrieved June 29, 2022, from https://www.thegeekstuff.com/2010/08/snort-tutorial/

Grading of this assignment will depend on individual and team participation

Teams Only: Detailed information for the role that each team member played in completing this deliverable. Include all names even if a student didn’t participate or met deadlines. Failure to provide these details will result in point reduction.

-1 points

Team #: 2

Student Name | Role Details | Did this student fully participate?
  • [name not given] | Installation, Configuration, Verification, assist in putting file together | Yes
  • [name not given] | Lead (putting final files together) | Yes
  • [name not given] | Cyber Event Related, Best Practice | Yes
  • [name not given] | Bibliography | Yes
  • [name not given] | Chapter Summary | Yes
