Elastic Security for SIEM
Course summary
This course is built for analysts who use the Elastic Security for SIEM solution. Elastic Security for SIEM takes you through an overview of the Elastic Stack, Fleet, and Elastic Agent. You will then learn how to create visualizations and dashboards and how to use Lens before diving into the Security app. Finally, you will conduct a threat hunting capstone exercise to tie everything together.
Topics
- Elastic Stack overview
- ECS
- Discover
- Visualizations
- Dashboards
- Security App
- Capstone
ELASTIC SECURITY FOR SIEM
COURSE INFORMATION
Audience
- Professionals who use Elastic Security as their SIEM.
- Cybersecurity analysts who are responsible for monitoring and investigating logs in a SOC
LESSONS
Day 1:
Elastic Stack overview
Identify the various components of the Elastic Stack, as well as how data flows through it. Gain an understanding of the different data sources utilized in security use cases. Recognize the Fleet architecture and how it manages Elastic Agents. Configure an Agent policy, install integrations, and deploy an Elastic Agent.
Elastic Common Schema
Examine the application of the Elastic Common Schema (ECS). Discuss the fundamentals of logging and data structures. Identify how ECS normalizes data.
Day2:
Security app
Summarize relevant information within the Host, Network, and User pages. Identify how the Detection Engine searches activity and generates alerts. Construct custom detection rules with KQL, EQL, and Lucene. Analyze alerts that are generated from detection rules. Correlate relevant data using Timeline and track security events using Cases. Monitor security-related events with dashboards in the Security solution.
Duration: 24 hours
Language: English
Requirements
- Stable internet connection
- Mac, Linux, or Windows
- Latest version of Chrome or Firefox (other browsers not supported)
- Disable any ad blockers and restart your browser before class
Some lessons include a hands-on lab.
Discover
Discuss how Kibana displays data in Discover and customize the Discover interface to search for data. Construct queries using KQL/Lucene to view relevant data.
Visualizations
Interpret data within visualizations. Identify best practices for creating aggregation-based visualizations. Create aggregation-based and Lens visualizations for security use cases. Demonstrate the use of additional features in Lens.
Dashboards
Interpret data using relevant dashboards. Demonstrate best practices for pivoting between apps in Kibana. Identify best practices for creating dashboards. Create dashboards for security use cases.
Day3:
Hunt capstone
Work through a series of hunt missions designed to gain an understanding of hunt tools and techniques. Learn to choose the right tool for each job, how to know when to dig deeper, response operations, and more before embarking on individual and team hunts.
Hunts include: find the beacons, enemy objectives, applying the kill chain, and full-spectrum adversary detection.
Prerequisites
A basic understanding of:
Networking
- TCP/IP
- Common ports and protocols
- Common networking devices (routers, switches, firewalls)
Common Network Monitoring Tools
- IDS (Suricata)
- Zeek
- Packet capture tools
Operating Systems
- Windows and Linux
- File systems and permissions
- Command line navigation
Vulnerabilities and Exploit Methodology
- Reconnaissance
- Command and Control (C2)
- Data Exfiltration