
42 - IT-S Information Technology - Security and Audit


IT-S 175 - Security Information and Event Management (SIEM)

Code       Start Date         Duration   Venue
IT-S 175   29 August 2022     5 Days     Istanbul
IT-S 175   24 October 2022    5 Days     Istanbul
IT-S 175   19 December 2022   5 Days     Istanbul
Please contact us for fees


Course Description

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security. A SIEM system collects logs and other security-related data for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical fashion to collect security-related events from end-user devices, hosts, network equipment, and even specialized security equipment such as firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console, which inspects them and flags anomalies. For the system to identify anomalous events, it is important that the SIEM administrator first creates a profile of the organization under normal event conditions, so that deviations from that baseline can be recognized.

Course Objectives

  • Bring participants up to speed on SIEM use, architecture, and best practices
  • Know what types of data sources to collect logs from
  • Configure signature updates
  • Provide context to standard alerts to help understand and prioritize them
  • Integrate with and write custom scripts against a SIEM

Who Should Attend?

  • Security Analysts
  • Security Architects
  • Senior Security Engineers
  • Technical Security Managers
  • SOC Analysts

Course Details/Schedule

Day 1

  • Log management overview, its structure and log collection methods
  • Importance of central log management
  • Working with the CRYPTTECH log manager CRYPTOLOG
  • Log collection in compliance with regulations
  • Security information and event management (SIEM) overview
  • CRYPTOSIM overview
  • CRYPTOSIM in compliance with regulations
  • CRYPTOSIM functionality and who should be using it
  • Deploying the CRYPTOSIM VM in production environments

Day 2

  • CRYPTOSIM installation
  • CRYPTOSIM interface views and navigation
  • CRYPTOSIM component architecture and data flows
  • Forwarding logs to CRYPTOSIM
  • Sources: knowing what types of data sources to collect logs from
  • Source adding methods (Syslog, Rsyslog, Agent, WMI, SMB, DB, etc.)
  • Agent management
  • Source editing
  • Source-based index settings

Day 3

  • Queries
  • Queries screen
  • Full-text search
  • Code chart and asset management
  • Defining general index settings
  • CRYPTOSIM dashboard usage and creation
  • Hunting for logs in CRYPTOSIM
  • Best-practice methods for collecting logs
  • Searching, filtering, grouping and analyzing security data
  • Using network hierarchies

Day 4

  • Data aggregation
  • Policy editor
  • Correlation: definition, functionality and correlation methods
  • Retrospective correlation
  • Correlation incidents
  • Event management
  • Scenarios: active lists, blacklists, basic and complex correlation samples
  • Investigating the vulnerabilities and services of assets
  • Alarms and watch lists: prioritizing alerts
  • Reporting: preparing reports, predefined reports

Day 5

  • Using charts and filters
  • Integrating and writing custom scripts
  • Investigating suspected attacks and policy breaches
  • Analyzing a real-world scenario
  • Troubleshooting and system management
  • Signature verification
  • User rights and management
  • Distributed service management