Theses and Dissertations Collection

Modern organization networks are diverse and complex, with many different zones and security levels based on systems' functions, missions, or business purposes. This makes maintaining situational awareness of the environment both more critical and more difficult to perform. Cyber situational awareness tools are widely available making it easy to see what is happening in the network and on managed devices. At the University of Idaho, on the Idaho Falls campus, a cybersecurity research lab named the Reconfigurable Attack-Defend Instructional Computing Laboratory (RADICL) is available for research purposes. The RADICL lab is set up specifically to support cybersecurity research and training for students and the community. To make sure administrators are completely aware of what is happening in this cybersecurity lab, cyber situational awareness tools have been implemented to monitor hardware, software and network packets. When suspicious activity or malware is detected, RADICL administrators will be alerted. The purpose of this thesis is to explain in detail what cyber situational awareness tools are and provide a use case of how cyber situational tools are implemented in the RADICL lab, thus providing a possible solution for small to large businesses and similar research labs.