Cybe Security Awareness Program

Security Monitoring, Log analysis and Reports Generation (SIEM)

Course Overview

This course primarily focus on Security Information and Event Management (SIEM) architecture and process, by navigating the candidate through the steps of deploying a SIEM in Security Operations Center (SOC) integration.

This program further covers many bases in the "appropriate" use of a SIEM platform to enrich readily available log data in enterprise environments and extract actionable intelligence.

This training program also designed to provide individuals training, methods, and processes for enhancing existing logging solutions. In addition, provide candidates with an understanding of the various data sources form where logging systems collect vast amounts of data for proper analysis.

Once collected, the participants will be shown how to present the gathered input into useable formats to aid in eventual correlation. Participants will then iterate through the log data and events to analyze key components that will allow them to learn how rich this information is, how to correlate the data, start investigating based on the aggregate data, and finally, how to go hunting with this newly gained knowledge. They will also learn how to deploy internal post-exploitation tripwires.

In addition, this course will also focus on about cybersecurity blue and red teams’ concepts and emphases on building the skills necessary to create your own teams for effectively collection and analysis data to defend your organization against threat actors.

Who Should Attend

The training program is ideal for those working in positions such as, but not limited to -

IT Manager, Network Manager, Security Manager, Site Administrator, Network Administrator, Technical Support Engineer, Systems Engineer System Administrators, Cyber Threat Investigators or any Individuals working to implement Continuous Security Monitoring or Network

Pre-requisites

  • Basic Networking Knowledge
  • Understanding of Cybersecurity Fundamentals

Course Duration

  • 40 Hours.

Course Content

SIEM & Log Monitoring (3 Days * 8 Hours)

  • Introduction
  • Network Threats
  • State of the Security Operation Centre (SOC) - Industry Statistics & Challenges
  • Introduction to Security Incident & Event Management (SIEM)
  • SIEM Architecture
  • SIEM Platform (Alien vault, Splunk, etc.)
  • SIEM Deployment
  • Logs & Events
  • Detection methods and relevance to log analysis
  • Analyzing common application logs (DNS, HTTP, HTTPs, SMTP, etc.)
  • Apply threat intelligence to generic Network Logs
  • Analysis of Endpoint Logs
  • Identify authorized and unauthorized assets & soft-wares
  • Monitoring using Baseline Data
  • Analyze vulnerability information
  • Monitor Firewall Activity
  • SIEM tripwires
  • Post mortem analysis
  • Creating reports and visualizations

Advance Threat Intelligence (2 Day * 8 Hours)

  • Introduction to Cyber Threat Intelligence
  • Cyber Threats and Kill Chain Methodology
  • Requirements, Planning, Direction, and Review
  • Data Collection and Processing
  • Data Analysis
  • Intelligence Reporting and Dissemination