Course Introduction

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security. A SIEM system collects logs and other security-related data for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical fashion to gather security-related events from end-user devices, hosts, network equipment, and even specialized security equipment such as firewalls, antivirus, or intrusion prevention systems.

Course Syllabus:

SIEM Architecture and SOF-ELK
  • State of the SOC/SIEM
  • Log Monitoring
  • Logging architecture
  • SIEM platforms
  • Planning a SIEM
  • SIEM Architecture
  • Ingestion techniques and nodes
  • Data queuing and resiliency
  • Storage and speed
  • Analytical reporting
Service Profiling with SIEM
  • Detection methods and relevance to log analysis
  • Analyzing common application logs that generate tremendous amounts of data
  • Apply threat intelligence to generic network logs
  • Active Dashboards and Visualizations
Advanced Endpoint Analytics
  • Endpoint logs
  • Host-based firewall logs
  • Monitor PowerShell
Baselining and User Behavior Monitoring
  • Identify authorized and unauthorized assets
  • Identify authorized and unauthorized software
  • Baseline data
Tactical SIEM Detection and Post-Mortem Analysis
  • Centralize NIDS and HIDS alerts
  • Analyze endpoint security logs
  • Augment intrusion detection alerts
  • Analyze vulnerability information
  • Correlate malware sandbox logs with other systems to identify victims across enterprise
  • Monitor Firewall Activity
  • SIEM tripwires
Capstone: Design, Detect, Defend
