
SEC555: SIEM with Tactical Analytics

  • Deploy a scalable log solution with multiple ways to retrieve logs
  • Operationalise ordinary logs into tactical data
  • Build out graphs and tables that can be used to detect adversary activities and abnormalities
  • Deploy the SANS SOF-ELK VM in production environments, and demonstrate ways in which most SIEMs commonly lag current open source solutions (e.g. SOF-ELK)
  • Develop methods to handle billions of logs from many disparate data sources, and dig into log manipulation techniques that challenge many SIEM solutions

Overview

Off the shelf (OTS)

Many organisations have logging capabilities but lack the people and processes to analyse what they collect. In addition, logging systems gather vast amounts of data from a variety of sources, and proper analysis requires an understanding of each of those sources.

This class is designed to provide the training, methods and processes for enhancing existing logging solutions. It also provides an understanding of the when, what and why behind the logs. This is a lab-heavy course that uses SOF-ELK, a SANS-sponsored free SIEM solution, to give hands-on experience and to build the mindset needed for large-scale data analysis.

Delivery method
  • Face to face
  • Virtual
  • Digital

Course duration
48-51 hours

Competency level
Working
