Course Outline
Open-Source SIEM Sovereignty
- Understanding the compliance and cost risks associated with cloud SIEMs for log retention.
- Overview of Wazuh architecture: server, indexer, dashboard, and agents.
- Comparison with Splunk, Sentinel, Elastic Security, and QRadar.
Deployment and Architecture
- Single-node and distributed deployment patterns.
- Docker Compose and Kubernetes manifests.
- Hardware sizing guidelines: CPU, RAM, and disk IOPS for log ingestion.
- Certificate and TLS configuration for secure component communication.
Agent Management
- Installing agents via packages, Ansible, or GPO.
- Agent enrollment, key exchange, and group assignment.
- Agentless monitoring options via syslog, AWS S3, or API polling.
- Strategies for upgrading agents across large fleets.
Detection Engineering
- Utilizing decoders and rules for log parsing and event extraction.
- Mapping rules to MITRE ATT&CK categories.
- File integrity monitoring (FIM) and rootkit detection.
- Writing custom rules using XML and YAML syntax.
- Integrating threat intelligence from MISP, VirusTotal, and AlienVault.
Incident Response and Automation
- Active response actions: firewall blocking, account disabling, and process termination.
- SOAR integration with Shuffle, n8n, or custom webhooks.
- Correlating alerts and identifying multi-stage attack chains.
- Case management and evidence preservation.
Compliance and Reporting
- Mapping controls for PCI-DSS, HIPAA, GDPR, and NIST.
- Policy monitoring for password strength, encryption, and patching.
- Generating and exporting scheduled reports.
- Ensuring audit trail integrity and detecting tampering.
Dashboards and Visualization
- Customizing Wazuh dashboards and creating widgets.
- Integrating Grafana for advanced visualizations.
- Ensuring Kibana compatibility for legacy Elastic deployments.
- Developing executive and operational SOC views.
Maintenance and Scaling
- Managing indexer shards and implementing hot-warm-cold archiving.
- Establishing log retention policies and legal hold procedures.
- Executing disaster recovery and cluster rebuild processes.
Requirements
- Intermediate knowledge of Linux and Windows system administration.
- Understanding of SIEM concepts, including correlation, alerting, and log aggregation.
- Prior experience with the Elastic Stack or OpenSearch.
Audience
- Security operations centers seeking to replace commercial SIEM solutions.
- Compliance teams requiring on-premise log retention.
- Government agencies needing sovereign threat detection capabilities.
21 Hours
Testimonials (3)
The trainer was helpful.
Attila - Lifial
Course - Compliance and the Management of Compliance Risk
Lab exercise
Tse Kiat - ST Engineering Training & Simulation Systems Pte. Ltd.
Course - Automated Monitoring with Zabbix
learning about Basel