This course is a practical guide that introduces defensive technologies around
SIEM terminology and intrusion detection. The content is vendor-independent
and aims to provide a global and impartial view of the functional and technical
aspects. The goal is to give trainees the tools and knowledge needed to navigate
a market where solutions are numerous, complex and sometimes difficult to tell
apart.
We will first study the deployment of intrusion detection probes, based on the
Suricata and OSSEC solutions. Trainees will in particular learn to write Snort
and OSSEC detection rules.
In particular, the objectives of the training are:
• Mastering Linux Administration
• Good knowledge of the network / system
• Notions of scripting
• Code: MSIEM
• Duration: 4 days
• Schedule: 8:30 - 17:30
• Place: training center, Center Urbain Nord
• Course materials
• 40% demonstration
• 40% theory
• 20% practical exercises
• False positives, detection, prevention, etc.
• Architecture and types of IDS
• Presentation of the Suricata IDS
• Lab: rule-writing language
• Implementation of an IDS architecture
• Attack scenarios and creation of detection rules (scans, brute force, exploitation of a vulnerability)
• Deployment and basic configuration
• Lab: rule-writing syntax
• Writing rules
• Limitations of IDS
• Important points in a call for tender
• Objectives of a SIEM
• Architecture and features
• Syslog and log centralization
• Time synchronization (NTP)
• Presentation of ELK
• Advanced configuration of Logstash
• Configuring Logstash Agents
• Writing advanced Groks
• Heterogeneous environment: Linux, Windows
• Visualization of results in Kibana
• Conclusion
• Discussion of alternative solutions
• Preparation of key points for a call for tender
Do not hesitate to contact our experts for any additional information, a study, or a free quote for an audit service.