OT-ICS Cybersecurity SOC/SIEM Implementation with WSUS & AD

*MAKE YOUR OWN ICS SIEM/SOC LAB SETUP WITHOUT HARDWARE*

Welcome to our comprehensive course on ICS Cybersecurity from end-to-end deployment. This course covers key concepts essential to safeguarding Industrial Automation and Control Systems cybersecurity.

We will delve into critical cybersecurity components such as Security Information and Event Management (SIEM), with a focus on Elasticsearch-Logstash-Kibana (ELK Stack), SIEM Dashboarding/ Query: Kibana, and NOC- Network Monitoring/ Operations Dashboarding: Grafana.

You will also learn about EDR/HIDS - Endpoint Detection and Response/ Host Intrusion Detection: Wazuh, Log Management: Beats/Sysmon (Log collector for Windows Event logs and more), Asset Management: OSQuery - FleetDM, Endpoint Visibility: Sysmon, Malware Detection: Strelka, Firewall: pfsense (Firewall), and IPS-Intrusion Prevention System: Snort Based.

We will also explore Nmap for network-based queries, Vulnerability Management: Using Nessus, Active Directory- Windows Server, WSUS-Windows Server Update Services, Modbus Communication, DNP3 communication, and OPC Server-Client Communication.

By the end of this course, you will have a comprehensive understanding of ICS Cybersecurity from end-to-end deployment, including key concepts and tools essential to safeguarding your systems. Enroll now to gain valuable knowledge and expertise in this critical field.

This course is totally practical, in all chapters we are installing, configuring, or deploying something on machines located in azure infrastructure, and it's simple, I promise.

We will cover some key concepts of ICS Cybersecurity from end-to-end deployment which are as follows:

1. Security information and event management (SIEM): Elasticsearch-Logstash-Kibana (ELK Stack)

2. SIEM Dashboarding/ Query: Kibana

3. NOC- Network Monitoring/ Operations Dashboarding: Grafana

4. EDR/HIDS - Endpoint Detection and Response/ Host Intrusion Detection: Wazuh

5. Log Management: Beats/Sysmon (Log collector for Windows Event logs and more)

6. Asset Management: OSQuery - FleetDM

7. Endpoint Visibility: Sysmon

8. Malware Detection: Strelka

9. Firewall: pfsense (Firewall)

10. IPS-Intrusion Prevention System: Snort Based

11. Nmap for network-based queries

12. Vulnerability Management: Using Nessus

13. Active Directory- Windows Server

14. WSUS-Windows Server Update Services

15. Modbus Communication

16. DNP3 communication

17. OPC Server-Client Communication

And this is a dynamic list, and with time keeps on updating and increasing to increase coverage.

* Connect to me on Linkedin/ or visit cyberotsecure{dot}com website to get discounts.*

The environment is deployed on Azure with the cheapest region and minimum resource requirements. All the steps are guided and well explained so that you can follow and create your own ICS SOC easily. after doing this course you will have a good understanding of cybersecurity technologies that are in use in the ICS landscape as well as in the overall industrial control system environment.  You can run all types of tests and simulate this environment, you can also install applications from your organization to test in a similar mode.