Security Information and Event Management, commonly known as S | CISO as a Service

Security Information and Event Management, commonly known as SIEM, is one of the main tools used in every Security Operations Center (SOC). SIEMs collect data from various sources in your network, then normalise, index and aggregate that data. This data can then be used for compliance reporting, threat detection and other purposes, depending on the features of the SIEM.
Due to the popularity of SIEM within SOCs, it is essential that cyber security professionals understand what SIEMs are, how they work, and how to use them. In this post I will discuss some free, open source SIEMs you can set up and learn. Along with this, I will also show you some great resources for learning the most popular enterprise-grade SIEMs out there.

ALIENVAULT OSSIM
AlienVault OSSIM (Open Source SIEM) is one of the most popular free, open source SIEMs out there. It is a great platform to learn on, as it can be set up for free and contains many of the features of expensive, enterprise-grade SIEMs.
There are a variety of free resources you can use to learn it. Cybrary has a 78-minute beginner-level course, which shows you how to install, set up and configure OSSIM. You can then use this platform to practise working with a SIEM. Sign up to the course here for free –
https://www.cybrary.it/course/alienvault-ossim
Once you have this set up, AlienVault (now called AT&T Security) has extensive resources to learn more about OSSIM. These cover behavioural monitoring, threat intelligence integration and other advanced topics. See the guides here – https://cybersecurity.att.com/resource-center#product_ossim_query_OSSIM
Please be aware of the following minimum system requirements when installing OSSIM on a VM, VPS, etc.:
• 2 CPU cores
• 4-8GB RAM
• 250GB HDD
• E1000 compatible network cards


-Cyber Security Awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1401.06.10