Course Outline
Achieving Open-Source SIEM Sovereignty
- Understanding why cloud-based SIEMs pose compliance and cost risks for log retention.
- Overview of Wazuh architecture: server, indexer, dashboard, and agents.
- Comparative analysis with Splunk, Sentinel, Elastic Security, and QRadar.
Deployment and Architecture
- Single-node and distributed deployment patterns.
- Utilizing Docker Compose and Kubernetes manifests.
- Hardware sizing guidelines: CPU, RAM, and disk IOPS requirements for log ingestion.
- Configuring certificates and TLS for secure component communication.
Agent Management
- Installing agents via packages, Ansible, or Group Policy Objects (GPO).
- Managing agent enrollment, key exchange, and group assignment.
- Implementing agentless monitoring via syslog, AWS S3, or API polling.
- Strategies for upgrading agents across large fleets.
Detection Engineering
- Using decoders and rules for log parsing and event extraction.
- Mapping rules to MITRE ATT&CK categories.
- Implementing File Integrity Monitoring (FIM) and rootkit detection.
- Writing custom rules using XML and YAML syntax.
- Integrating threat intelligence from MISP, VirusTotal, and AlienVault.
Incident Response and Automation
- Configuring active responses: firewall blocking, account disabling, and process termination.
- Integrating with SOAR platforms like Shuffle, n8n, or custom webhooks.
- Correlating alerts and identifying multi-stage attack chains.
- Managing cases and preserving evidence.
Compliance and Reporting
- Mapping controls to PCI-DSS, HIPAA, GDPR, and NIST standards.
- Monitoring policies for password strength, encryption, and patching status.
- Generating and exporting scheduled reports.
- Ensuring audit trail integrity and detecting tampering.
Dashboards and Visualization
- Customizing the Wazuh dashboard and creating widgets.
- Integrating Grafana for advanced visualizations.
- Ensuring Kibana compatibility for legacy Elastic deployments.
- Designing views for executives and operational SOC teams.
Maintenance and Scaling
- Managing indexer shards and implementing hot-warm-cold archiving.
- Defining log retention policies and legal hold procedures.
- Executing disaster recovery and cluster rebuild processes.
Requirements
- Intermediate knowledge of Linux and Windows system administration.
- Understanding of SIEM concepts: correlation, alerting, and log aggregation.
- Experience with the Elastic Stack or OpenSearch.
Target Audience
- Security operations centers seeking to replace commercial SIEM solutions.
- Compliance teams requiring on-premise log retention capabilities.
- Government agencies requiring sovereign threat detection mechanisms.
21 Hours
Testimonials (2)
Lab exercise
Tse Kiat - ST Engineering Training & Simulation Systems Pte. Ltd.
Course - Automated Monitoring with Zabbix
Speed of response and communication