Security information and event management (SIEM) software and appliances have been used in various forms for more than 10 years and have evolved significantly during that time. SIEM solutions provide a holistic, real-time view of what is happening on a network and help IT teams be more proactive in the fight against security threats.
SIEM provides deep visibility into network, user, and application activity. It collects, normalizes, correlates, and securely stores events, flows, asset profiles, and vulnerability data, and it classifies suspected attacks and policy violations as offenses.
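The collection, normalization, correlation and offense stages described above, as a small added example that is not part of this course or any SIEM product. The log lines, the common schema and the brute-force rule (three failed logins followed by a success from one source inside 60 seconds) are all constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input (not from the page): syslog-style sshd lines plus one
# JSON record from a hypothetical web application, mostly from one source address.
RAW_EVENTS = [
    "2024-01-01T10:00:01Z host1 sshd[1]: Failed password for root from 203.0.113.5 port 4000 ssh2",
    "2024-01-01T10:00:05Z host1 sshd[1]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    '{"ts": "2024-01-01T10:00:09Z", "src": "203.0.113.5", "user": "root", "result": "fail"}',
    "2024-01-01T10:00:20Z host1 sshd[1]: Accepted password for root from 203.0.113.5 port 4002 ssh2",
    "2024-01-01T10:05:00Z host1 sshd[1]: Failed password for bob from 198.51.100.9 port 5000 ssh2",
]
SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(raw):
    """Normalization: map each raw format onto one common schema (ts, src_ip, user, outcome)."""
    if raw.startswith("{"):
        rec = json.loads(raw)
        return {"ts": rec["ts"], "src_ip": rec["src"], "user": rec["user"],
                "outcome": "failure" if rec["result"] == "fail" else "success"}
    m = SSHD_RE.match(raw)
    if not m:
        return None  # unparsed here; a production SIEM keeps the raw event instead
    ts, verb, user, ip = m.groups()
    return {"ts": ts, "src_ip": ip, "user": user,
            "outcome": "failure" if verb == "Failed" else "success"}

def correlate(events, threshold=3, window=60):
    """Correlation: raise an offense when one source logs `threshold` failures and then
    a success within `window` seconds (a constructed rule, not a vendor's)."""
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    offenses = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        recent = [f for f in failures[ev["src_ip"]] if (t - f).total_seconds() <= window]
        failures[ev["src_ip"]] = recent  # drop failures that fell out of the window
        if ev["outcome"] == "failure":
            recent.append(t)
        elif len(recent) >= threshold:
            offenses.append({"rule": "brute_force_then_success", "src_ip": ev["src_ip"],
                             "user": ev["user"], "failures": len(recent), "ts": ev["ts"]})
    return offenses

def run_pipeline(raw_events):
    """Collection -> normalization -> correlation -> list of offenses."""
    events = [e for e in (normalize(r) for r in raw_events) if e]
    return correlate(events)
```

`run_pipeline(RAW_EVENTS)` returns a single offense for 203.0.113.5; the lone failure from 198.51.100.9 never reaches the threshold and is stored but not escalated.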
This course is designed for aspiring junior SOC / SIEM analysts who are new to SIEM concepts. It covers the fundamental elements of Security Information and Event Management (SIEM) architecture: its components and its data flow. Students will learn how a SIEM collects and analyses data to detect malicious activity. By the end of this training, you will have learned about the different types of log events, the SOC, SecOps and SIEM, log data sources, SIEM analytics and how a SIEM works.
At the end of this course, students will be able to:
- Describe the differences between legacy SIEM and next-generation SIEM
- Describe how a SIEM collects data to detect suspicious activity
- Describe the SIEM component architecture and data flows
- Describe the SIEM logging process
- Describe the SIEM log flow
- Evaluate and select SIEM tools
Who Should Take this Course?
- SIEM Platform Engineers
- Junior SOC Analysts
- Security Analysts
- SOC Engineers
- Security Monitoring Analysts
- System Administrators
- Cyber Threat Investigators
Related Courses
- SIEM Design and Implementation
- Cyber Incidents Planning and Response Course
- Cyber Security Fundamentals