Cyber Defence Monitoring Course Suite Module 2


Cyber Defence Monitoring Course Suite Module 2


13-17 Feb 2017

Registration deadline:

20 Jan 2017



Tallinn, Estonia

Participation fee:

300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)

This intensive hands‐on course concentrates on several tools from many important Cyber Defence Monitoring techniques and solutions. In this module, we focus on an end-to-end solution for collecting, storing, visualizing and alerting on time-series data. We use the so-called TICK stack, a data management platform comprising Telegraf, InfluxDB, Chronograf, and Kapacitor, to build monitoring systems for different scales, from SOHO/SME up to enterprise level.

Learning Objectives 

The course demonstrates how TICK stack is a perfect fit for modern monitoring solutions. Attendees gain practical experience on how to build up a scalable system and how challenging the security‐engineering process can be. During hands‐on exercises, students start from the basic single instance installation and end up implementing a distributed system with centralised command, analysis and visualisation solutions.

Target Audience

  • Technical IT security staff in charge of the implementation of classified networks
  • Security and IT managers who want to get a real‐life understanding of managing time-series data

Non‐target audience

  • Experienced network forensics practitioners are not the target audience for this course 


  • Installing a single instance for small office network
  • Building from source to get a custom set of required features
  • Tweaking protocols and artefact extraction
  • Controlling a large setup
  • Integration with other external tools
  • Writing scripts to add new functionality
  • Visualising for humans

On this course, we will work with network traffic from Locked Shields 2015, which means that the traffic will have real intrusions. We will also use samples of existing botnets to analyse obfuscation techniques used today.


  • Good understanding of TCP/IP networking and network/system administration
  • Recent everyday network/system administrator's work experience of at least 2 years in UNIX environments
  • Previous detailed knowledge on following topics
    • Work principles of UNIX operating systems and UNIX file system layout
    • Common UNIX shells (e.g., sh, bash)
    • Common UNIX user tools (e.g., ls, ps, kill)
    • Common UNIX system administration utilities
  • Scripting experience is required
  • Previous programming experience is not required, but is helpful
  • English language skill comparable to STANAG 6001, 

NB!  We most strongly discourage the participation of students who do not fulfil these prerequisites, since the course contains advanced lab sessions assuming this knowledge. Therefore, the presence of unskilled attendees is likely to hinder the overall progress of the course. 

Registration info

Please register for the course by visiting the NATO CCD COE website and completing the provided registration form before the deadline. Should you have any questions, please contact: events -at- 
* Before registering, please check the up‐to‐date course information on the NATO CCD COE website