Course Outline
Open-Source SIEM Sovereignty
- Why cloud-based SIEMs pose compliance and cost risks for log retention.
- Wazuh architecture: server, indexer, dashboard, and agents.
- Comparison with Splunk, Sentinel, Elastic Security, and QRadar.
Deployment and Architecture
- Single-node and distributed deployment patterns.
- Docker Compose and Kubernetes manifests.
- Hardware sizing: CPU, RAM, and disk IOPS requirements for log ingestion.
- Certificate and TLS configuration for secure component communication.
Agent Management
- Installing agents via packages, Ansible, or Group Policy Objects (GPO).
- Agent enrollment, key exchange, and group assignment.
- Agentless monitoring via syslog, AWS S3, or API polling.
- Strategies for upgrading agents across large fleets.
Detection Engineering
- Using decoders and rules for log parsing and event extraction.
- Mapping rules to the MITRE ATT&CK framework categories.
- File integrity monitoring (FIM) and rootkit detection.
- Writing custom rules using XML and YAML syntax.
- Threat intelligence integration with MISP, VirusTotal, and AlienVault.
Incident Response and Automation
- Active response actions: firewall blocking, account disabling, and process termination.
- SOAR integration with Shuffle, n8n, or custom webhooks.
- Alert correlation and chaining of multi-stage attacks.
- Case management and evidence preservation.
Compliance and Reporting
- Mapping controls for PCI-DSS, HIPAA, GDPR, and NIST.
- Policy monitoring for password strength, encryption standards, and patching.
- Scheduled report generation and export.
- Ensuring audit trail integrity and detecting tampering.
Dashboards and Visualization
- Customizing Wazuh dashboards and creating widgets.
- Integrating with Grafana for advanced visualizations.
- Kibana compatibility for legacy Elastic deployments.
- Designing executive and operational SOC views.
Maintenance and Scaling
- Indexer shard management and hot-warm-cold data archiving.
- Log retention policies and legal hold procedures.
- Disaster recovery and cluster rebuild processes.
Requirements
- Intermediate knowledge of Linux and Windows system administration.
- Understanding of SIEM concepts, including correlation, alerting, and log aggregation.
- Prior experience with the Elastic Stack or OpenSearch.
Audience
- Security operations centers seeking to replace commercial SIEM solutions.
- Compliance teams requiring on-premise log retention.
- Government agencies needing sovereign threat detection capabilities.
21 Hours
Testimonials (3)
The trainer was helpful.
Attila - Lifial
Course - Compliance and the Management of Compliance Risk
Lab exercise
Tse Kiat - ST Engineering Training & Simulation Systems Pte. Ltd.
Course - Automated Monitoring with Zabbix
Speed of response and communication