Showing results for tags 'blue-teaming'.
All About SIEM

If you have heard about SIEM but do not have an idea what it is and how it works, then you are at the right place. In this article I would be explaining what SIEM is and how it works.

Full Form of SIEM

The full form of SIEM is Security Incident and Event Management. As its name suggests, it is used for security management of an enterprise. It is basically related to real-time analysis of logs from various sources.

What is SIEM?

SIEM is a log management solution which is used to collect logs from different sources such as firewall logs, Windows Event logs, IDS logs and logs from various services like FTP, SSH, SMTP, SSL etc. All these logs are collected to a centralized location via SIEM, and then those logs can be used for generating a timeline of when which event happened; this can be very helpful in the Incident Response process. Some modern SIEM solutions can also be integrated with the cloud and then gather logs from AWS, Azure and other cloud services. There are also forwarders available which can be used to forward logs from one system to another.

Where is SIEM used?

SIEM is used in enterprises to track the performance of their websites. For example, they can see how many users visited their login and then payment page, so that they can keep track of their user behavior, whether they are buying products or not. Also it is used to manage and collect logs, so if any incident is reported, the timeline of malicious events can be made and it can be determined what malicious activities happened so that they can be mitigated.

Some of the SIEM solutions which I would recommend are Splunk, QRadar and GrayLog.

-Dipanshu Pandey
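The centralized collection and timeline building the post describes, as an added example that is not part of the original post or of any SIEM product: three constructed log feeds (firewall, sshd syslog, a CSV export of a Windows logon event) are normalized into one schema, merged into a single time-ordered timeline, and pivoted on one indicator the way an analyst would during incident response. All hosts, addresses, user names and the year assumed for the syslog lines are made up.

```python
import re
from datetime import datetime
# Constructed sample log lines from three sources, as a SIEM would collect them
# into one central store. Hosts, addresses and user names are made up.
FIREWALL_LOG = [
    "2024-03-01T10:00:41Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T09:58:02Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
]
SSH_LOG = [  # syslog format: no year, single-digit day padded with a space
    "Mar  1 10:00:43 srv05 sshd[412]: Failed password for root from 203.0.113.7 port 5120 ssh2",
    "Mar  1 10:01:05 srv05 sshd[412]: Accepted password for root from 203.0.113.7 port 5120 ssh2",
]
WINDOWS_LOG = ["2024-03-01 10:02:30,ws07,4624,alice,10.0.0.5"]  # time,host,EventID,user,source

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
SSH_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def parse_firewall(line):
    """Normalize a firewall line; indicators are the addresses an analyst could pivot on."""
    m = FW_RE.match(line)
    return {"ts": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"), "source": "firewall",
            "host": m.group(2), "event": f"{m.group(3)} {m.group(4)} -> {m.group(5)}:{m.group(6)}",
            "indicators": {m.group(4), m.group(5)}}

def parse_ssh(line, year=2024):
    """Normalize an sshd syslog line; the year is absent from syslog and assumed here."""
    m = SSH_RE.match(line)
    return {"ts": datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), "source": "ssh",
            "host": m.group(2), "event": f"{m.group(3)} password login as {m.group(4)} from {m.group(5)}",
            "indicators": {m.group(4), m.group(5)}}

def parse_windows(line):
    """Normalize a CSV export of a Windows logon event (EventID 4624)."""
    ts, host, event_id, user, src = line.split(",")
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "source": "windows", "host": host,
            "event": f"EventID {event_id} logon {user} from {src}", "indicators": {user, src}}

def build_timeline(*feeds):
    """Merge normalized events from every source into one time-ordered list."""
    return sorted((ev for feed in feeds for ev in feed), key=lambda ev: ev["ts"])

def pivot(timeline, indicator):
    """All events touching one indicator (IP or user), in order: the basic IR pivot."""
    return [ev for ev in timeline if indicator in ev["indicators"]]

TIMELINE = build_timeline(map(parse_firewall, FIREWALL_LOG), map(parse_ssh, SSH_LOG),
                          map(parse_windows, WINDOWS_LOG))
if __name__ == "__main__":
    for ev in pivot(TIMELINE, "203.0.113.7"):  # what did this external address do, and when?
        print(ev["ts"].isoformat(), ev["source"], ev["host"], ev["event"])
```

Pivoting on the internal host address (10.0.0.5) instead shows the firewall events followed by the Windows logon, which is how a timeline reveals the next hop after an initial compromise.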
➡️ ⚠️Note that some of these may be very advanced, but that's good for learning goals, as you will see stuff as a Blue Teamer that you never saw before too! Always run these tests in an isolated virtual machine that has no connection to the internet as a minimum safety precaution. ⚠️⚠️

1) https://lnkd.in/e6V8Q7-d - Very useful for a basic understanding of Splunk; you'll need this for some of the labs.

>>> SIEM Case Investigation:
2) https://lnkd.in/eVJyr5D4 - Splunk's Boss of the SOC v1
3) https://lnkd.in/efvf_XkM - Splunk's Boss of the SOC v2
4) https://lnkd.in/e6Ru2uGN - Splunk's Boss of the SOC v3
5) https://lnkd.in/eGv7-Zx9 - GittheGate - Kibana/ELK SIEM

>>> Basic Traffic Analysis:
A great website for challenges on PCAP analysis is: https://lnkd.in/eRCJ2fSd
⚠️You can do all the PCAP challenges/tasks there, but be aware that some of the PCAPs do contain active malware. Use at your own risk! ⚠️

>>> Advanced Threat Hunting:
The following seven challenges are designed around the yearly competition by FireEye. These are HARD and you have no clear hints. Exercises such as these are great for preparing for a forensics role, as they will challenge you very much.
https://lnkd.in/dPyyUEV - FireEye's Flare-on v1
https://lnkd.in/eAEWqDyK - FireEye's Flare-on v2
https://lnkd.in/eXCtjbmC - FireEye's Flare-on v3
https://lnkd.in/eSd2Yb32 - FireEye's Flare-on v4
https://lnkd.in/eM7PST6V - FireEye's Flare-on v5
https://lnkd.in/eArgxc9n - FireEye's Flare-on v6
https://lnkd.in/drDQFk7 - FireEye's Flare-on v7

>>> Other:
https://lnkd.in/dcNmX2g - HireMe - Windows Disk Image Forensics