
SIEM Implementation

Master intrusion detection, log centralization, and modern monitoring with SIEM.

Objective

This course is a practical introduction to the defensive technologies behind the term SIEM and to intrusion detection. The content is vendor-independent and aims to give a global, impartial view of the functional and technical aspects, so that trainees can approach a market where solutions are numerous, complex and sometimes hard to tell apart.
The course first covers deploying intrusion detection probes with Suricata (network IDS) and OSSEC (host IDS); trainees learn to write Suricata rules, which use the Snort rule syntax, and OSSEC rules. It then moves on to log centralization and SIEM with the ELK stack.

Specific objectives:

  • Understand the limitations of traditional security tools
  • Discover the technological principles behind the SIEM acronym

Prerequisites

  • Mastery of Linux administration
  • Good network/system knowledge
  • Scripting fundamentals

General Information

  • Code: MSIEM
  • Duration: 4 days
  • Schedule: 8:30 AM - 5:30 PM
  • Location: Training Center, Centre Urbain Nord, Tunis

Target Audience

  • Security consultants
  • Engineers / Technicians
  • Technical managers

Resources

  • Training materials
  • 40% demonstration
  • 40% theory
  • 20% practical exercises

Training Program

  • Day 1
    • Intrusion detection: role and terminology
    • False positives, detection, prevention, etc.
    • Architecture and types of IDS
    • Suricata IDS presentation
    • Rule writing language - Practical Work
    • Setting up an IDS architecture
    • Attack scenarios and creating detection rules (scans, brute force, vulnerability exploitation)
  • Day 2
    • OSSEC HIDS presentation and architecture
    • Deployment and basic configuration
    • Rule writing syntax - Practical Work
    • Rule writing
    • IDS limitations
    • Key points to check when evaluating a tender
  • Day 3
    • Modern challenges posed to traditional monitoring
    • SIEM objectives
    • Architecture and functionalities
    • Syslog and log centralization
    • Time synchronization (NTP)
    • ELK presentation
    • Advanced Logstash configuration
  • Day 4
    • Practical Work
    • Logstash agent configuration
    • Writing advanced grok patterns
    • Heterogeneous environment: Linux, Windows
    • Results visualization in Kibana
    • Conclusion
    • Discussion on alternative solutions
    • Preparation of key points for a tender
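The Day 4 grok work and the Day 1 and Day 2 brute-force detection rules share one mechanism: extract fields from a raw line with a named-pattern template, then count events per source within a time window. The block below is an added illustration written for this page, not course material. It implements a minimal grok-style expander (a hand-written subset of the Logstash pattern names with simplified bodies, an assumption rather than the real library), parses constructed sshd syslog lines, and applies a frequency/timeframe rule of the kind OSSEC and Suricata express with their own keywords. The unparsed Windows line shows why a heterogeneous environment needs one pattern per log format.

```python
"""Grok-style parsing and a frequency-based brute-force detector, run over
constructed sshd syslog lines. Added illustration, not course material."""
import re
from collections import defaultdict
from datetime import datetime

# A small subset of the grok pattern library. The names follow Logstash's
# built-in patterns; the bodies are simplified here (assumption, not the real
# library) and do not reference other patterns, so one expansion pass suffices.
GROK_PATTERNS = {
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "HOSTNAME": r"[A-Za-z0-9._-]+",
    "WORD": r"\w+",
    "POSINT": r"\d+",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "USERNAME": r"[A-Za-z0-9._-]+",
    "GREEDYDATA": r".*",
}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> "re.Pattern[str]":
    """Expand %{NAME:field} references into a compiled regex with named groups."""
    def repl(m: "re.Match[str]") -> str:
        name, field = m.group(1), m.group(2)
        body = GROK_PATTERNS[name]  # unknown name -> KeyError, like a grok compile error
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(GROK_REF.sub(repl, pattern))


# Outer syslog envelope, then a second pattern applied only to sshd messages.
SYSLOG_RE = grok_to_regex(
    r"^%{SYSLOGTIMESTAMP:ts} %{HOSTNAME:host} %{WORD:prog}\[%{POSINT:pid}\]: %{GREEDYDATA:msg}$")
SSH_FAIL_RE = grok_to_regex(
    r"^Failed password for (?:invalid user )?%{USERNAME:user} from %{IPV4:src_ip} port %{POSINT:src_port} ssh2$")


def parse_line(line: str):
    """Return an event dict, or None when the line matches no pattern
    (the equivalent of Logstash tagging the event _grokparsefailure)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    if event["prog"] == "sshd":
        f = SSH_FAIL_RE.match(event["msg"])
        if f:
            event.update(f.groupdict())
            event["outcome"] = "failure"
    return event


def detect_bruteforce(events, threshold: int = 5, window_s: int = 60):
    """Alert when one source IP produces `threshold` failures within `window_s`
    seconds: the same frequency/timeframe idea as an OSSEC rule's frequency and
    timeframe attributes or a Suricata threshold keyword."""
    recent = defaultdict(list)
    alerts = []
    for ev in events:
        if ev.get("outcome") != "failure":
            continue
        # Syslog timestamps carry no year; assume all lines share one. Skewed
        # clocks between sources would break this window, hence NTP on Day 3.
        t = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
        q = recent[ev["src_ip"]]
        q.append(t)
        while q and (t - q[0]).total_seconds() > window_s:
            q.pop(0)  # drop failures that fell out of the window
        if len(q) >= threshold:
            alerts.append({"src_ip": ev["src_ip"], "count": len(q), "last_seen": ev["ts"]})
            q.clear()  # fire once per burst rather than on every further failure
    return alerts


# Constructed sample input; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar 10 12:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 12:00:02 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 12:00:03 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 12:00:04 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 12:00:05 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 12:00:09 bastion sshd[2213]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2
Mar 10 12:01:30 bastion sshd[2215]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Mar 10 12:05:00 bastion cron[900]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-10T12:05:07Z WIN-DC01 Microsoft-Windows-Security-Auditing 4625 An account failed to log on.
"""


def run(raw: str = SAMPLE_LOG):
    """Parse every line, then run the detector; returns a small summary."""
    parsed, unparsed = [], 0
    for line in raw.splitlines():
        ev = parse_line(line)
        if ev is None:
            unparsed += 1  # the Windows line needs its own pattern
        else:
            parsed.append(ev)
    return {
        "parsed": len(parsed),
        "unparsed": unparsed,
        "failures": sum(ev.get("outcome") == "failure" for ev in parsed),
        "alerts": detect_bruteforce(parsed),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key}: {value}")
```

Running the block reports 8 parsed lines, 1 unparsed line, 6 failures and a single alert for 203.0.113.7 after its fifth failure; the single failure from 198.51.100.9 stays below the threshold, which is the false-positive trade-off discussed on Day 1. Anchoring the patterns with `^` and `$` is deliberate: unanchored grok patterns are a common source of both slow parsing and silently wrong field values.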
