Course Description
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. A SIEM system collects logs and other security-related data for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical fashion to gather security-related events from end-user devices, hosts, network equipment, and even specialized security equipment such as firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console, which inspects them and flags anomalies. For the system to identify anomalous events, it is important that the SIEM administrator first creates a profile of the organization under normal event conditions.
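The collection, baseline and correlation steps described above, as an added worked example (written for this page; it is not course material and not the code of any SIEM product). The script builds a per-host, per-event-type hourly baseline from constructed "normal" log lines, then flags volume spikes and never-before-seen event types in a later window, and applies one correlation rule: many authentication failures from one source address followed by a success from that same address. The log format, host names, event types and thresholds are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events in a simple syslog-like shape (not from any real system).
# Each line: <timestamp> <host> <event_type> key=value ...
BASELINE_LOGS = """\
2024-01-01T08:00:01 web01 auth_fail user=alice src=10.0.0.5
2024-01-01T08:00:07 web01 auth_ok user=alice src=10.0.0.5
2024-01-01T08:01:12 web01 http_200 path=/index.html
2024-01-01T08:01:13 web01 http_200 path=/about.html
2024-01-01T08:02:40 db01 query_ok user=app rows=12
2024-01-01T08:02:41 db01 query_ok user=app rows=3
2024-01-01T09:00:02 web01 auth_ok user=bob src=10.0.0.7
2024-01-01T09:03:30 web01 http_200 path=/index.html
2024-01-01T09:04:00 db01 query_ok user=app rows=8
2024-01-01T10:00:09 web01 auth_fail user=bob src=10.0.0.7
2024-01-01T10:00:15 web01 auth_ok user=bob src=10.0.0.7
2024-01-01T10:05:00 db01 query_ok user=app rows=20
"""

# Constructed "current" window: a burst of failures from one source, then a success,
# plus an event type that never appeared during the baseline period.
CURRENT_LOGS = """\
2024-01-02T08:00:01 web01 auth_fail user=alice src=203.0.113.9
2024-01-02T08:00:02 web01 auth_fail user=bob src=203.0.113.9
2024-01-02T08:00:03 web01 auth_fail user=carol src=203.0.113.9
2024-01-02T08:00:04 web01 auth_fail user=dave src=203.0.113.9
2024-01-02T08:00:05 web01 auth_fail user=erin src=203.0.113.9
2024-01-02T08:00:06 web01 auth_fail user=frank src=203.0.113.9
2024-01-02T08:00:07 web01 auth_fail user=alice src=203.0.113.9
2024-01-02T08:00:08 web01 auth_fail user=alice src=203.0.113.9
2024-01-02T08:00:09 web01 auth_ok user=alice src=203.0.113.9
2024-01-02T08:00:30 web01 auth_fail user=bob src=10.0.0.7
2024-01-02T08:00:35 web01 auth_ok user=bob src=10.0.0.7
2024-01-02T08:01:00 web01 http_200 path=/index.html
2024-01-02T08:02:00 db01 query_ok user=app rows=5
2024-01-02T08:03:00 db01 sudo_exec user=app cmd=/bin/sh
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<etype>\S+)(?: (?P<rest>.*))?$")


def parse(line):
    """Normalize one constructed log line into a dict; malformed lines yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kvs = (m.group("rest") or "").split()
    fields = dict(kv.split("=", 1) for kv in kvs if "=" in kv)
    return {"ts": m.group("ts"), "host": m.group("host"), "etype": m.group("etype"), **fields}


def parse_all(text):
    return [e for e in (parse(l) for l in text.splitlines()) if e]


def hour_bucket(ts):
    return ts[:13]  # 'YYYY-MM-DDTHH'


def build_baseline(events):
    """Profile of normal conditions: mean and population stdev of hourly counts
    for every (host, event_type) seen in the baseline period. Quiet hours count as zero."""
    hours = sorted({hour_bucket(e["ts"]) for e in events})
    counts = Counter((e["host"], e["etype"], hour_bucket(e["ts"])) for e in events)
    baseline = {}
    for host, etype in {(e["host"], e["etype"]) for e in events}:
        series = [counts[(host, etype, h)] for h in hours]
        baseline[(host, etype)] = (mean(series), pstdev(series))
    return baseline


def detect_anomalies(baseline, events, sigmas=3.0, min_delta=2):
    """Compare the current window against the baseline: unknown event types are
    flagged outright; known ones are flagged when the hourly count exceeds
    mean + max(sigmas*stdev, min_delta). The floor keeps a zero-variance baseline
    from alerting on a single extra event."""
    findings = []
    counts = Counter((e["host"], e["etype"], hour_bucket(e["ts"])) for e in events)
    for (host, etype, hour), n in sorted(counts.items()):
        if (host, etype) not in baseline:
            findings.append({"kind": "new_event_type", "host": host, "etype": etype,
                             "hour": hour, "count": n})
            continue
        mu, sigma = baseline[(host, etype)]
        threshold = mu + max(sigmas * sigma, min_delta)
        if n > threshold:
            findings.append({"kind": "volume_spike", "host": host, "etype": etype,
                             "hour": hour, "count": n, "threshold": round(threshold, 2)})
    return findings


def correlate_auth(events, fail_threshold=5):
    """Correlation rule: fail_threshold or more auth_fail events from one (host, src)
    followed by an auth_ok from the same pair. The counter resets on any success."""
    fails = defaultdict(int)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        src = e.get("src")
        if not src:
            continue
        key = (e["host"], src)
        if e["etype"] == "auth_fail":
            fails[key] += 1
        elif e["etype"] == "auth_ok":
            if fails[key] >= fail_threshold:
                alerts.append({"rule": "auth_fail_then_success", "host": e["host"], "src": src,
                               "failures": fails[key], "user": e.get("user"), "ts": e["ts"]})
            fails[key] = 0
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(parse_all(BASELINE_LOGS))
    current = parse_all(CURRENT_LOGS)
    for f in detect_anomalies(baseline, current) + correlate_auth(current):
        print(f)
```

The point a course participant should take from this is the order of operations: events are normalized first, the profile of "normal" is built from enough history that quiet hours appear as zeros, and only then are current counts and cross-event patterns judged against it. A production SIEM does the same with vendor-specific parsers, longer windows and many more rules, but the shape of the pipeline is the one this script shows.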
What Do Participants Learn?
- Understand intrusion tolerance, prevention and detection.
- Understand the characteristics of a robust SIEM.
- Install AlienVault SIEM and use its web interface.
- Configure Sensor, Server, and Logger.
- Configure Network Inventory.
- Configure Vulnerability Scanning.
- Configure Signature Updates.
- Configure Tickets.
- Introduction to Cyberoam UTM.
- Install and configure Cyberoam.
- Monitor security and logs with Cyberoam.
- Analyze Cyberoam reports.
Who Should Attend?
- Security Analysts
- Security Architects
- Senior Security Engineers
- Technical Security Managers
- SOC Analysts
- SOC Engineers
- SOC Managers
- CND Analysts
- Security Monitoring staff
- System Administrators
- Cyber Threat Investigators
- Those who want to implement continuous security monitoring of networks
- Those who are working in a hunt team capacity
What Will the Learning Experience Include?
Phase 1: Introduce
- Comprehensive pre-program activities include:
  - Web-based information forms & surveys completed by the attendee.
  - Direct consultation with the attendee about their expectations.
Phase 2: Explore & Practice
- During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
- Participants learn from expert trainers who have both academic and business experience.
- Highly applicable training content & instructive activities add depth to the training topics.
- A half-day site visit for integrating the experience & planning next steps, with opportunities to provide connections, ideas & support.
Phase 3: Apply
- Apply & sustain the learning experience through this ongoing support:
  - Follow-up to ensure the participant is making progress with new skills or behaviors.
  - Optional, fee-based mentoring & coaching with the trainer.
  - Training materials & additional documents (e-books, PDF files, presentations and articles).
Phase 4: Evaluate
- Evaluate your training experience by giving us feedback and helping us reach our organizational goals:
  - Participant's Evaluation
  - Trainer's Evaluation
Section One:
- Introduction to SIEM
- Network Threats
- SIEM Architecture
- SIEM Deployment
- Logs and Events
- Event Collection and Event Correlation
Section Two:
- Correlation Rules
- Forensically Ready Data
- Intrusion Detection, Prevention, and Tolerance
- Properties of a Robust SIEM
- Installing AlienVault SIEM
Section Three:
- Using Web Interface
- Configuring Sensor, Logger, and Server
- Configuring Network Inventory
- Configuring Vulnerability Scanning
- Configuring Signature Updates
Section Four:
- Policy Management
- Configuring Tickets
- Introduction to Splunk
- Overview of machine data
- How Splunk works with machine data
Section Five:
- Introduction to Splunk's user interface
- Searching and saving results
- Creating reports and visualizations
- Course Summary