Code:CNT1201
Introduction
The objective of the course is to highlight the benefits of deploying a Security Incident and Event Management (SIEM) within an IT environment. The course will provide participants with the knowledge, methodology and processes to solve logging problems and monitor cyber threats and attacks via SIEM infrastructure.
Course content
- Introduction to SIEM
- Definition and concepts
- Design
- Components and architecture
- SIEM Architecture
- Log definition and concepts
- Types of logs and agents
- Log aggregation
- Log broker
- Log storage
- Log visualisation, search and alert
- Tactical analysis
- Service profiling
- Endpoints analytics
- Baselining and user behaviour
Learning outcomes
- Gain an understanding concerning the deployment of SIEM in a production environment
- Describe the best practices, for collecting logs and monitoring
- Analyze and combine multiple data sources to achieve an enhanced understanding of SIEM logs
- Analyze standard alerts and prioritization
- Determine the log data necessary to establish security control effectiveness
Prerequisites
- Foundational knowledge of the Open Systems Interconnection (OSI) model
- Foundational knowledge of TCP / IP and networking protocols
- Foundational knowledge of Windows operating systems
- Foundational knowledge of UNIX / Linux operating systems
- Foundational knowledge of cyber security threats and attack methods
- Foundational knowledge of digital forensic concepts
Duration
- 4 Days
Learning style
- 40% theoretical
- 60% practical
