Introduction
You will learn what a SIEM is and how to operate in the ever-changing threat environment.
This course will guide you through the theory behind IT monitoring and its best practices, and will give hands-on examples of analysis through labs and in-class activities.
Objectives
The course provides a guide to learning and applying hands-on techniques, but also offers a practical approach for those who want to stretch their skills and see how far they can get without following the guide.
Requirements
A basic understanding of TCP/IP, logging methods and techniques, and general operating system fundamentals.
Contents
SIEM Implementation
Collection, Aggregation and Parsing
Storage
Alerting and Analysis
Networking Services
Log Collection & Enrichment
SMTP
DNS
HTTP & HTTPS
Logging in Windows and Linux
Endpoint Strategies
Relevant Windows Events
Firewalls and OS Protection
Centralized Alerting
Intrusion Detection Systems
Analysing Alerts
Case Management
Post-mortem Analysis
Labs
Duration: 3 days