SIEM with Tactical Analytics Training

SIEM with Tactical Analytics Training

Course Delivery

This Course is available in the following format:

Request this course in a different delivery format

GSA Schedule 70 Saving for Government Customers

Course Overview:

SIEM with Tactical Analytics Training – Hands-on

This SIEM with Tactical Analytics Training course is designed to demystify the Security Incident and Events Management (SIEM) architecture and process, by navigating the student through the steps of tailoring and deploying a SIEM to full Security Operations Center (SOC) integration. The material will cover many bases in the “appropriate” use of a SIEM platform to enrich readily available log data in enterprise environments and extract actionable intelligence. Once collected, the student will be shown how to present the gathered input into useable formats to aid in eventual correlation. Students will then iterate through the log data and events to analyze key components that will allow them to learn how rich this information is, how to correlate the data, start investigating based on the aggregate data, and finally, how to go hunting with this newly gained knowledge. They will also learn how to deploy internal post-exploitation tripwires and breach canaries to nimbly detect sophisticated intrusions. Throughout the course, the text and labs will not only show how to manually perform these actions, but how to automate many of the processes mentioned so students may employ these tasks the day they return to the office.

Customize It:

• We can adapt this SIEM with Tactical Analytics Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in manner understandable to lay audiences.

Audience / Target Group:

The target audience for this SIEM with Tactical Analytics Training course:

• Security Analyst
• Security Architects
• Senior Security Engineers
• Technical Security Managers
• SOC Analysts
• SOC Engineers
• SOC Managers
• CND Analysts
• Security Monitoring
• System Administrators
• Cyber Threat Investigators
• Individuals working to implement Continuous Security Monitoring or Network
• Individuals working in a hunt team capacity

Class Prerequisites:

The knowledge and skills that a learner must have before attending this SIEM with Tactical Analytics Training course are:

• A basic understanding of TCP/IP, logging methods and techniques, and general operating system fundamentals. Moderate familiarization with logging systems (both network and host), messaging queues, be accustomed to command-line activity, and commercial/open source SIEM solutions is a bonus.

What You Will Learn:

Upon completing this SIEM with Tactical Analytics Training course, learners will be able to meet these objectives:

• Deploy the SANS SOF-ELK VM in production environments
• Demonstrate ways most SIEMs commonly lag current open source solutions (e.g. SOF-ELK)
• Bring students up to speed on SIEM use, architecture, and best practices
• Know what type of data sources to collect logs from
• Deploy a scalable logs solution with multiple ways to retrieve logs
• Operationalize ordinary logs into tactical data
• Develop methods to handle billions of logs from many disparate data sources
• Understand best practice methods for collecting logs
• Dig into log manipulation techniques challenging many SIEM solutions
• Build out graphs and tables that can be used to detect adversary activities and abnormalities
• Combine data into active dashboards that make analyst review more tactical
• Utilize adversary techniques against them by using frequency analysis in large data sets
• Develop baselines of network activity based on users and devices
• Develop baselines of Windows systems with the ability to detect changes from the baseline
• Apply multiple forms of analysis such as long tail analysis to find abnormalities
• Correlate and combine multiple data sources to achieve more complete understanding
• Provide context to standard alerts to help understand and prioritize them
• Use log data to establish security control effectiveness
• Implement log alerts that create virtual tripwires for early breach detection

Course Syllabus:

• SIEM Architecture and SOF-ELK
• Service Profiling with SIEM
• Advanced Endpoint Analytics
• Baselining and User Behavior Monitoring
• Tactical SIEM Detection and Post-Mortem Analysis
• Capstone: Design, Detect, Defend

Whether you are looking for general information or have a specific question, we want to help!

Request More Information

Print Friendly, PDF & Email