Project 13: Incident Detection with SIEM

Incident Detection with SIEM

Overview
Security Information and Event Management (SIEM) tools allow security teams to collect, analyze, and correlate security events across an organization's IT infrastructure. This lab provides hands-on experience configuring and using SIEM platforms to detect security incidents and automate response mechanisms.

What You Will Learn
- Setting up and configuring a SIEM platform (Wazuh, Splunk, or ELK Stack)
- Collecting and analyzing security logs
- Detecting anomalies and security threats using SIEM alerts
- Correlating security events from multiple sources
- Creating custom dashboards for real-time security monitoring

Lab Instructions
1. Setting Up Your SIEM Environment
You will need: ...

Threat Hunting & Anomaly Detection Lab

Threat Hunting & Anomaly Detection Lab

Overview
Threat hunting is a proactive cybersecurity approach that involves identifying potential security threats before they cause harm. This lab introduces students to threat hunting techniques, anomaly detection strategies, and behavioral analysis methods to detect advanced threats that evade traditional security tools.

Lab Instructions
1. Setting Up Your Environment
You will need:
- A SIEM platform (Splunk, Wazuh, or ELK Stack)
- Access to MITRE ATT&CK, VirusTotal, and AlienVault OTX
- A dataset containing logs from a simulated network breach (provided by instructor)

Install required tools (if using Wazuh on a Debian-based OS):
sudo apt update && sudo apt install wazuh-agent

2. Collecting Security Data for Threat Hunting
Threat hunters use logs from multiple sources, including: ...

Threat Intelligence & IOC Analysis

Threat Intelligence & IOC Analysis

Overview
Cyber threat intelligence enables security professionals to identify, analyze, and respond to cyber threats effectively. This lab will teach you how to collect, analyze, and apply Indicators of Compromise (IOCs) to security monitoring.

Lab Instructions
1. Setting Up Your Environment
You will need:
- A Linux or Windows VM
- Access to AlienVault OTX, VirusTotal, and MITRE ATT&CK
- A SIEM tool (Wazuh, Splunk) installed for IOC analysis

2. Collecting Threat Intelligence Data
Threat intelligence comes from many sources, including open-source feeds, security vendors, and malware analysis platforms. ...