42 - IT-S Information Technology - Security and Audit
IT-S 175 - Security Information and Event Management (SIEM)
Code | Start Date | Duration | Venue
---|---|---|---
IT-S 175 | 18 November 2024 | 5 Days | Istanbul
IT-S 175 | 16 December 2024 | 5 Days | Istanbul
Course Description
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security. A SIEM system collects logs and other security-related data for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical fashion to collect security-related events from end-user devices, hosts, network equipment, and even specialized security equipment such as firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console, which inspects them and flags anomalies. For the system to identify anomalous events, it is important that the SIEM administrator first creates a profile of the organization under normal event conditions.
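As an added illustration of the description above (example code, not course material from the page): a minimal Python pipeline that normalises collector output, builds a normal-conditions profile, and flags hours that deviate from it. The sshd-style log format, hostnames and addresses are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Event format is an assumption: ISO timestamp, host, and an sshd-style auth message.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<ip>[\d.]+)$")

def parse(text):
    """Collector step: normalise raw lines into event dicts, silently skipping unparseable ones."""
    events = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events

def hourly_counts(events):
    """Bucket events per (host, result, hour): the unit the baseline is expressed in."""
    return Counter((e["host"], e["result"], e["ts"].replace(minute=0, second=0)) for e in events)

def build_profile(normal_events):
    """Baseline profile: the peak hourly count of each (host, result) observed under normal conditions."""
    peak = defaultdict(int)
    for (host, result, _), n in hourly_counts(normal_events).items():
        peak[(host, result)] = max(peak[(host, result)], n)
    return dict(peak)

def flag_anomalies(profile, events, factor=3):
    """Console step: flag an hour whose count exceeds factor x the baseline peak (unseen keys have peak 0)."""
    alerts = []
    for (host, result, hour), n in sorted(hourly_counts(events).items()):
        limit = profile.get((host, result), 0) * factor
        if n > limit:
            alerts.append((hour.isoformat(), host, result, n, limit))
    return alerts

# Constructed sample logs (not real data): a quiet 'normal' period, then a burst of failures.
NORMAL = """2024-11-18T09:05:00 web1 sshd: Accepted password for ops from 10.0.0.5
2024-11-18T09:40:00 web1 sshd: Failed password for ops from 10.0.0.5
2024-11-18T10:10:00 web1 sshd: Accepted password for ops from 10.0.0.5
2024-11-18T10:30:00 web1 sshd: Accepted password for dev from 10.0.0.7"""
SUSPECT = "\n".join(f"2024-11-19T03:0{i}:00 web1 sshd: Failed password for root from 203.0.113.9"
                    for i in range(6)) + "\n2024-11-19T03:07:00 web1 sshd: Accepted password for dev from 10.0.0.7"
PROFILE = build_profile(parse(NORMAL))
ALERTS = flag_anomalies(PROFILE, parse(SUSPECT))
if __name__ == "__main__":
    for a in ALERTS:
        print("ALERT hour=%s host=%s %s logins=%d (baseline limit %d)" % a)
```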
Course Objectives
- Bring participants up to speed on SIEM use, architecture, and best practices
- Know what type of data sources to collect logs from
- Configure signature updates
- Provide context to standard alerts to help understand and prioritize them
- Integrate and write custom scripts against a SIEM
Who Should Attend?
- Security Analyst
- Security Architects
- Senior Security Engineers
- Technical Security Managers
- SOC Analysts
Course Details/Schedule
Day 1
- Log management overview: its structure and log collection methods
- Importance of central log management
- Working with the CRYPTTECH log manager, CRYPTOLOG
- Log collection in compliance with regulations
- Security information and event management (SIEM) overview
- CRYPTOSIM overview
- CRYPTOSIM in compliance with regulations
- CRYPTOSIM functionality and who should be using it
- Deploying the CRYPTOSIM VM in production environments
Day 2
- CRYPTOSIM installation
- CRYPTOSIM interface views and navigation
- CRYPTOSIM component architecture and data flows
- Forwarding logs to CRYPTOSIM
- Sources: knowing what type of data sources to collect logs from
- Source adding methods (Syslog, Rsyslog, Agent, WMI, SMB, DB, etc.)
- Agent management
- Source editing
- Source-based index settings
Day 3
- Queries
- Queries screen
- Full-text search
- Code chart and asset management
- Index general settings definition
- CRYPTOSIM dashboard usage and creation
- CRYPTOSIM hunting for logs
- Best-practice methods for collecting logs
- Search, filter, group and analyze security data
- Using network hierarchies
Day 4
- Data aggregation
- Policy editor
- Correlation: definition, functionality and correlation methods
- Retrospective correlation
- Correlation incidents
- Event management
- Scenarios: active list, black list, basic and complex correlation samples
- Investigating the vulnerabilities and services of assets
- Alarms and watch lists: prioritizing alerts
- Reporting: preparing reports, predefined reports
Day 5
- Using charts and filters
- Integrating and writing custom scripts
- Investigating suspected attacks and policy breaches
- Analyzing a real-world scenario
- Troubleshooting and system management
- Signatory verification
- User rights and management
- Distributed service management