How to Install and Configure an SIEM System

In this lesson, participants meet the subject matter expert (SME) for this course and also learn which prerequisites are needed for this course.  This course covers Log Security Incident and Event Management (SIEM) which consists of: - Log aggregation and retention: a SIEM can securely store logs from all networking systems in one centralized location. - Correlation Engine: looks for patterns and trends in logs, seeking any suspicious activity. - Alerting and Analysis: these allow network engineers to take appropriate action as needed. - Reporting and dashboards: provides visibility into which machines are most targeted. - Compliance: these can provide audit reports Course objectives are: - Develop an understanding of SIEM technology - Plan and architect OSSIM installations - Perform OSSIM installations - Sends logs to OSSIM sensors - Install the OSSEC local agents - Configure the OSSIM server In order to get the most out of this course, participants are encouraged to have the following tools: - Powerful PC or multiple PC lab setup with 12 or more gigs of RAM - Virtualization Software (VirtualBox or VMWare) - OSSIM Image - Additional Virtual Machines Upon successful completion of this course, participants will be able to install, configure and tune an SIEM installation from the ground up. Regardless of which SIEM one decides to specialize in, having experience with one SIEM lays the groundwork for learning another. In addition, participants will also be able to set up an OSSIM system by looking at a diagram and then being able to determine to best placement and utilization for an OSSIM structure. This course offers step by step instructions in installation and configuration, how to leg logs to a SIEM, the installation of host and detection agents as well as how to work on settings to customize them to an organization’s specific needs. This course assumes no prior knowledge and teaches participants basic skills and deployments.
Recommended Study Material

AlienVault® Open Source Security Information and Event Management (AlienVault OSSIM™) provides event collection, normalization, and correlation. For more advanced functionality, the AlienVault Unified Security Management® (USM) platform builds on AlienVault OSSIM with these additional capabilities:

– Monitoring of cloud and on-premises environments from one fully integrated solution
– Log management, including 12 months of log storage for compliance requirements
– Extensive library of pre-built correlation rules, updated continuously by the AlienVault Labs Security Research Team
– Out-of-the-box report templates with flexible customization to simplify compliance and security operations reporting

Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?