SIEM Training Syllabus

CYBERCRIME IS THE BIGGEST CHALLENGE THESE DAYS WITH DEVELOPMENT & ACCESS TO TECHNOLOGY ACROSS THE GLOBE.

Module-1: Networking Concepts

  • IP Addressing.
  • Types of IP Addresses.
  • How Computers Communicate.
  • Transport Protocols.
  • IP Planning.
  • DNS Servers and the Various Types of DNS Records.
  • Understanding the OSI Model and the Reference Devices at Each Layer.
  • TCP/IP Packet Understanding.
  • 3-Way Handshake.
  • Routers, Switches.
  • Understanding of Designing a Corporate Network, etc.

Module-2: Security Device

  • Understanding Of Firewall.
  • Web Application Firewall(WAF)
  • Proxy
  • Email Gateway(Email Security)
  • IPS/IDS
  • DLP
  • End Point Security

Module-3: Types Of Cyber Attack & Mitigation

  • Ransomware Attack.
  • DoS Attack.
  • SQL Injection.
  • Cross-Site Scripting.
  • Malware Attack.
  • Phishing Attack.

Module-4: SIEM

  • What Is SIEM.
  • Selection Criteria Of SIEM.

Module-5: ArcSight Admin & Analyst

  • Introduction of SIEM and ArcSight Tool.
  • Architecture of ArcSight, Dual Destination Setting.
  • ArcSight event schema and Life Cycle.
  • Installation Of ArcSight Smart Connector.
  • Understanding the different parameters of the SmartConnector and how to apply them, such as Normalization, Filtering, Aggregation, Cache, and Batching.
  • Understanding the details of various ArcSight Components.
  • ArcSight Deployment Architecture.
  • Linear Architecture, Dual destination and Failover Architecture.
  • Version history Of Components
  • Upgrading SmartConnectors.
  • Introduction Of loggers.
  • How to search event on logger.
  • Micro Focus ArcSight Support Resources.
  • Integration Of various devices with ArcSight such as Windows, Unix, Firewall, Syslog etc...
  • Troubleshooting and Identifying Connector Issues.
  • Overview Of ESM Console.
  • Creation Of Active Channels.
  • Creation of Active Lists and Session Lists.
  • Creation Of Rules, Query, and Reports.
  • Creation Of Dashboards & Data monitors.
  • User Administration.
  • Incidents Notifications.
  • Optimization Of ArcSight ESM Resources.
  • Investigation of Incidents and Identifying True Positives vs False Positives.
  • Overview Of ArcSight Command Center.
  • ArcSight ESM Peering, Backup & Archival Setting.
  • Realtime scenarios of various incidents and Remediation Steps.

Module-6: Splunk SIEM Security

  • Introduction Of SIEM and Splunk Tools.
  • Understanding the various components of Splunk.
  • Various deployment architectures of Splunk.
  • Installation of Splunk Enterprise and the Search Head.
  • Installation of Splunk Universal Forwarders.
  • Introduction to Splunk configuration files, Universal Forwarder, forwarder management, data management, troubleshooting and monitoring.
  • Integration of various devices with Splunk, such as Windows, Unix, Firewall, Syslog, etc.
  • Understanding the various parameters of Universal Forwarders.
  • Introduction to Splunk's User Interface.
  • Define Splunk Apps.
  • Installation Splunk Apps and Addons.
  • Learn basic navigations in Splunk.
  • Different Ports and Protocols used across all Splunk Components.
  • Understanding Splunk Indexes: the default Splunk indexes, segregating indexes, Splunk buckets and bucket classification, estimating index storage, and creating a new index.
  • Using Searching and Reporting in Splunk.
  • Using Field in Searches.
  • Creating Reports and Visualizations.
  • Working With Dashboards.
  • Search Fundamentals.
  • Various Reporting Commands.
  • Creating and managing Alerts.
  • Understanding of Splunk Security.
  • Creation Of Correlation Rules.
  • Managing Incidents review in Splunk Enterprise Security.
  • Customize notable event setting in Splunk Enterprise Security.
  • Analyzing incidents to determine whether they are True Positives or False Positives.
  • How to Create Incident on the Ticketing tool and report Incidents.