SIEM Admin - Incident Handing Training - SOC Team

Learn about the SIEM tools HP ArcSight, IBM QRadar, RSA Security Analytics, Splunk and McAfee Nitro required in a SOC

Rating: 4.50 (97 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Instructor:
Students: 467
Content: 3.5 hours
Last update: Aug 2023
Regular price: $22.99

What you will learn

  • What is a SIEM

  • SIEM Business Requirements

  • Integration and Configuration of Data Sources [Splunk]

  • SIEM Architecture of HP ArcSight, IBM QRadar, Splunk, RSA SA & McAfee Nitro

  • Administration and Configuration of Multiple SIEMs (HP ArcSight, IBM QRadar, Splunk, RSA SA & McAfee Nitro)

  • Roles of the Different SIEM Components of HP ArcSight, IBM QRadar, Splunk, RSA SA & McAfee Nitro

  • Event Life Cycle in the SIEM Solutions HP ArcSight, IBM QRadar, Splunk, RSA SA & McAfee Nitro

  • Alert Creation [Splunk]

  • Creating Dashboards for Attack Analysis [Splunk]

  • Report Configuration [Splunk]

  • Building Industry-Based Use Cases [Splunk]

  • Event Monitoring [Splunk]

  • Fine Tuning of Alerts [Splunk]

  • Real-World Incident Response Investigation [Splunk]

  • What is the Cyber Kill Chain

  • How to Develop an Effective Use Case in a SIEM

  • How to Evaluate a SIEM Tool

Description

THE MOST IN-DEMAND SIEM ONLINE TRAINING IS NOW ON UDEMY!

PHASE 2 - This course familiarises you with the components, architecture and event life cycle of various SIEM tools, and with the Splunk administration work of log source integration, rule creation, report configuration, dashboard creation and fine tuning, together with the Incident Handling steps followed by a Security Operations Center team.

This course is designed so that any beginner or working professional can learn the event flow, architecture, design and differences of the SIEM tools below.

1) HP ArcSight

2) IBM QRadar

3) RSA Security Analytics

4) Splunk

5) McAfee Nitro


What you will learn after completing this course:

  • What is the SIEM

  • SIEM Business Requirement

  • SIEM Architecture of HP Arcsight, IBM QRadar, Splunk, RSA SA & McAfee Nitro

  • Event Life Cycle in SIEM Solution HP Arcsight, IBM QRadar, Splunk, RSA SA & McAfee Nitro

  • Roles of Different SIEM Component of HP Arcsight, IBM QRadar, Splunk, RSA SA & McAfee Nitro

  • Integration Configuration of Data sources [Splunk]

  • What is Cyber Kill Chain

  • How to Develop an Effective Use Case in a SIEM

  • How to Evaluate a SIEM tool

  • Building Industry Based Use Cases [Splunk]

  • Alert Creation in [Splunk]

  • Event Monitoring [Splunk]

  • Creating Dashboards for Attack Analysis [Splunk]

  • Report Configuration [Splunk]

  • Fine Tuning of Alerts [Splunk]

  • Real World Incident Response Investigation [Splunk]


Happy Learning!

Content

Why a SIEM Tool Is Required in Cyber Security

Why cyber security is required and what the primary tool used in monitoring is.

SIEM Introduction

Introduction

SIEM Architecture of HP ArcSight, RSA SA, Splunk, QRadar & Nitro

SIEM Architecture - Receiver Component.
SIEM Architecture - Manager Component
SIEM Architecture - Logger Component

Event Life Cycle In Various SIEM

HP ArcSight Architecture
RSA SA Architecture
IBM Architecture
Splunk Architecture
McAfee Architecture

Why Integration Is Required

Why integration is required

Installation & Features

Types of SIEM Installation
SIEM Installation
SIEM Features

Deployment & Configuration of Agent

Installation of Agent in Windows Machine
Integration & Configuration of Agent in Windows Machine
Installation of Agent in Linux Machine
Integration & Configuration of Agent in Linux Machine
Configuration of Syslog Logging in SIEM
Integration of Network Device

Use Case Development

What is a Use Case
Development Life Cycle for Use Cases
Phase 1 - Requirements for a Use Case
Phase 2 - Data Points for a Use Case
Phase 3 - Log Validation for a Use Case
Phase 4 - Design & Phase 5 - Implementation of a Use Case
Phase 6 - Documentation for a Use Case
Phase 7 - Onboarding of a Use Case
Phase 8 - Periodic Update of a Use Case
Types of Use Cases
Cyber Kill Chain
Reconnaissance & Weaponization
Delivery, Exploitation & Installation
Command and Control & Actions on Objectives
How to Build an Effective Use Case - Requirements & Risk
Build an Effective Use Case - Define the Alert
Build an Effective Use Case - Priority, Impact & Mapping to the Kill Chain
Build an Effective Use Case - Measure Response & Detection
Build an Effective Use Case - Standard Operating Procedures & Tuning Requirements
Build an Effective Use Case - Response Plan and Operational Agreement
Build an Effective Use Case - Auditing & Reviewing
Evaluate SIEM Capabilities with the Use Cases


Reviews

Markus
December 12, 2022
Hard to understand. The subtitles make very little to no sense, and most of the time the slides are simply read out word for word.
Adithya
August 18, 2021
The material you get here is widely available on the Internet. - They don't explain the Use Case creation in detail. - Sometimes the voiceover is muffled. - Sometimes there are new voiceovers in between the video, like they stuck it in bits and pieces. - Most of all, they don't explain the installation of Splunk properly; input.conf needs to be created, it's not already there. My review - Take this course if you need a high-level understanding of what Splunk is. This course needs some major revisions. Thank you,
Brenda
June 20, 2021
It was a good match. Just have a problem understanding the accent of the narrator. It felt like I was learning the narrator's accent and the material at the same time.
Fernando
November 7, 2020
Good course with a certificate; for me it has been more than worthwhile for broadening my knowledge of SIEM, totally recommendable.
Manivannan
July 31, 2020
This course gives a basic idea of SIEM tools and processes with Splunk. The author gives false information that he has covered the other 5 tools. There are no examples of use cases for critical attacks. Price is very high for the content. Really not up to expectations. Better look for a course on Splunk training.
Michael
November 15, 2019
Information was at overview level. Many, many blurry slides; the thick accent of the teacher was very difficult to understand, at times impossible, which led to getting lost.

Udemy ID: 2495064
Course created date: 8/5/2019
Course indexed date: 7/12/2020
Course submitted by: Bot