Course Summary

This course is designed to simplify the complexities of Security Information and Event Management (SIEM) architecture and processes by guiding students through the steps of customizing and deploying a SIEM system for full integration with a Security Operations Center (SOC). The curriculum covers the effective use of SIEM platforms to enhance log data within enterprise environments and extract actionable intelligence. Students will learn how to present the collected data in usable formats to support correlation efforts. They will then work through log data and events to analyze key components, understand the richness of the information, correlate the data, and begin investigative work based on aggregated insights. Additionally, students will gain the skills to “hunt” for threats using this newly acquired knowledge. The course also covers the deployment of internal post-exploitation tripwires and breach canaries to quickly detect sophisticated intrusions. Through both theory and hands-on labs, students will not only learn how to manually perform these tasks, but also how to automate many of these processes for immediate application in their roles.

Key Topics Include:

SIEM Architecture and SOF-ELK
Service Profiling, Advanced Endpoint Analytics, Baselining, and User Behavior Monitoring
Tactical SIEM Detection and Post-Mortem Analysis

Alert Analysis
The candidate will learn how to analyze endpoint security logs, enhance intrusion detection alerts, assess vulnerability data, correlate malware sandbox logs, handle alerts efficiently, prioritize which alerts to retain, and identify opportunities for staff training.

Device Discovery
The candidate will gain an understanding of how active and passive device discovery can provide a deeper insight into an environment, helping to establish baselines and detect anomalous behavior.

Endpoint Logging Analysis
The candidate will learn how to identify abnormal activities, establish baselines, and optimize endpoint logs to detect anomalous behavior, using events of interest and host-based firewalls.

Endpoint Logging Collection
The candidate will understand how to identify attacks and analyze logs in both Windows and Linux environments, using scripting techniques to filter log noise, as well as establishing collection strategies, both agent-based and agentless.

Log Aggregation and Parsing
The candidate will learn how to use log filters and message brokers during data queuing and storage to enhance log retention and search efficiency. They will also understand how to perform analysis, reporting, and alerting using visualizations and detection dashboards.

Log Collection
The candidate will learn how data gathering strategies, event rates, storage requirements, and staffing considerations impact SIEM planning, event logging device architecture, and log collection techniques for assets.

Log Output and Storage
The candidate will gain an understanding of data queuing, resiliency, and storage methods, as well as how to perform analytical reporting and alerting through the use of visualizations and detection dashboards.

Network Service Log Analysis
The candidate will learn how to identify attacker characteristics, detect anomalous behavior, and establish baselines in network protocol traffic, including SMTP, DNS, HTTP, and HTTPS.

Network Service Log Collection & Enrichment
The candidate will gain skills in analyzing common application logs, applying threat intelligence to generic network logs, correlating network datasets, and establishing baseline network activity.

Post-Mortem Analysis
The candidate will learn how to use virtual machines and malware sandboxes, configure systems to generate event log alerts after a compromise, identify unusual time-based activity, and re-analyze network traffic following an incident.

Software Monitoring
The candidate will understand how to identify authorized and unauthorized software, treat scripting tools and command-line parameters as a special category of software, and develop effective source collection methodologies.

User Monitoring
The candidate will learn how to use behavior analytics to analyze user logons, built-in accounts, and system services based on activity patterns. They will also understand how to use network data to detect unauthorized use of assets, configure enterprise-wide baseline collection, and establish large-scale persistence monitoring.

There are no formal prerequisites for this course; however, a basic understanding of TCP/IP, logging methods and techniques, and general operating system fundamentals is recommended.

Exam format: proctored exam, 75 questions, 2 hours, minimum passing score of 79%.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
