00:01
Welcome to OSSIM Part One: Installation and Configuration.
00:06
In this presentation we'll be going over the course objectives, prerequisites, the tools you'll need to follow along, and a brief background on my professional work.
00:16
I've worked for a couple of years as both a security analyst and incident responder.
00:21
In my latest role I've been working with AlienVault USM for close to a year.
00:26
USM is a paid premium version of OSSIM, which we'll be covering in this course.
00:32
Throughout the past year, I've installed, configured, managed and tuned a SIEM installation from the ground up.
00:38
I'm going to break down what I've learned into the bare essentials to help you get started.
00:44
Now you may be asking, what even is a SIEM?
00:47
Well, SIEM is an acronym that stands for Security Incident and Event Management,
00:53
and this course will be focusing on AlienVault's Open Source Security Incident Management System, or OSSIM for short.
01:02
SIEMs are crucial for businesses to ensure they're protected and have active alerting for security incidents on their network.
01:08
SIEMs have many features and uses. However, most of them boil down into these main points.
01:17
SIEMs ingest logs from everything they possibly can.
01:19
Domain controllers, workstations, web servers, firewalls, routers, hypervisors and other networking equipment
01:27
all need to have their logs sent.
01:30
SIEMs can take these logs and store them securely in one centralized location.
01:36
A SIEM can take the centralized logs and run them through a correlation engine.
01:41
This engine looks for trends and indicators of malicious activity in the logs.
01:46
When a SIEM detects malicious activity, it creates events and alarms.
01:51
These alarms notify SOC analysts to investigate.
01:53
A SOC analyst can utilize the SIEM to perform in-depth analysis and react to the alarms accordingly.
02:00
These alarms, events and logs can all be used for in-depth reporting and trending dashboards.
02:07
These dashboards can help provide visibility into which machines are most often targeted,
02:12
which offenders are most frequent, common attack types, and much more.
02:15
Taking reporting a step further, some SIEMs feature compliance reporting.
02:21
These audit reports can be run and given to the auditor.
02:23
If you've ever gone through an audit without automated reporting, you know how much time and how many headaches this can save.
02:31
By the end of this course, you'll have a full understanding of what a SIEM system is.
02:37
Whether you go with AlienVault's OSSIM or another vendor, the main concepts are very similar.
02:44
Just having experience working with one translates very well into learning another.
02:49
You will also have a solid grasp on what it takes to set up an OSSIM installation.
02:53
You will be able to look at a network diagram and know exactly where the OSSIM infrastructure will be best utilized and placed.
03:02
Taking this a step further, you will be able to perform the server and sensor installations.
03:08
I'll be walking through the entire process from start to finish in my own virtual lab.
03:14
You can follow along in the lab or create your own setup entirely.
03:19
You'll learn how to send logs to OSSIM sensors.
03:23
Logs are the lifeblood of a SIEM, and you want all the logs you can possibly get.
03:28
Additionally, you'll learn how to install host intrusion detection agents onto a machine with the use of OSSEC.
03:35
Once you get the servers installed, you'll be able to go into the configuration settings and know how to set everything exactly to your liking.
03:45
While this course is designed around setting up a lab environment to gain familiarity with the SIEM,
03:50
these skills will be a great addition to your resume.
03:53
And if you're more interested in offensive security, understanding how a SIEM and other security appliances work will help you become a much better penetration tester.
04:03
This course is centered around free software and tools.
04:10
I'd recommend using a PC with a quad core or higher and 12 or more gigs of RAM.
04:15
While you can make do with less, you'll find the appliances run quite a bit slower.
04:19
This course will work just as well using a lab of multiple computers. However, the networking and lab setup is out of this course's scope.
04:28
I'd recommend using one computer and virtualization software.
04:31
VirtualBox and VMware are both great options.
04:34
Personally, I like to use VirtualBox, and we'll be using it for all of the examples in this course.
04:41
If you want to follow along exactly click by click, I'd recommend using VirtualBox.
04:46
You'll also have to download the OSSIM image.
04:49
If you haven't downloaded it already, I'll be providing a link in the course materials tab.
04:55
For my lab, I'm going to be setting up a Linux web server.
04:59
Going into the web server setup and configuration is out of this course's scope.
05:02
However, I'll provide a link in the course materials tab for reference.
05:08
You should feel free to also create any other virtual machines and send those logs over as well.
05:14
The more logs you have being sent to OSSIM, the easier it is to really dig into the SIEM and grasp how it works.
05:20
This course will assume no prior knowledge. By the end of this course, you'll be able to create and develop your own OSSIM installation.
05:30
In the next presentation we'll be answering several questions, such as: what exactly is OSSIM? And how does OSSIM work?
05:39
We'll also discuss the available infrastructure and how to best plan for your use case.
05:44
I'll also be giving a couple of examples of basic deployments and going over my lab configuration.
05:49
In closing, I'd like to thank you for your time. I hope to see you in my next presentation.