SIEM Architecture and Process

As you start this learning path you will be introduced to what SIEM is and how it operates in a different space in the NIST Cyber Security Framework as compared to most security technologies. Next we dive in to learn about the challenges faced with modern distributed enterprise architectures and the reason why time to detection is outrageously long and completely unmanageable without a technology like SIEM.

8 courses  //   26 videos  //   7 hours of training


Learn SIEM architecture and process

You’ll learn about the evolution of SIEM from the issues incurred through centralized logging solutions, which brought about various SIEM vendors designed to address these problems. This will lay the foundation for answering who SIEM vendors are, what SIEM is and why SIEM is needed! Progressing through the path, you will then learn about the various components that make SIEM, well … SIEM! We discuss various architectural designs that provide robust scalability, resiliency and distributed operations to meet various organizations’ enterprise architecture requirements. At this point you will be introduced to the SIEM we will use throughout the path and be given an introduction to navigating the SIEM.

We will then begin diving into various methods of data ingestion, such as data pulls (Office 365, AWS CloudTrail) and data pushes (syslog or Winlogbeat). We discuss various nuances between each collection method and the requirements typically seen with each. You will also begin ingesting log data into a virtual SIEM that you are building throughout this learning path. Here you begin learning about how SIEM does what it does.

In the final parts of this learning path, we begin introducing you to data processing. You will learn various methods of data manipulation, such as regular expressions, substrings and replace, which will make you capable of using SIEM to organize and structure your data. Next, we showcase how data enrichment can bring additional data to make events more meaningful. We wrap up the learning portion of the path by introducing the concept of use cases to drive meaningful content creation, such as alarms, dashboards and reporting, along with how we reduce noise through enriching our data with additional details. Lastly, you will proceed to complete a project designed to take a use case request and build content to meet the required deliverables.

Learning path components

SIEM Architecture and Process Skill Assessment
Assessment

See how your SIEM skills stack up against other professionals in your field.

Number of questions: 20

SIEM Architecture and Process Project
Practice Exam

Test your understanding of SIEM architecture and process in this project consisting of 5 challenges. In this project we pick up where we left off with the hands-on activity for data processing. We will take a use case surrounding invalid user logon attempts and standardize our username field, visualize our data with a dashboard, enrich our data with last known user information, and create an alert that triggers with the required information.

Number of questions: 5

What is SIEM
Course

In this course we will introduce what SIEM is, the problems it is designed to help address, and various vendors in the SIEM space. We will also begin setting up our SIEM environment.

5 videos
65 minutes of training

Architecture
Course

In this course we will discuss the high-level components that SIEM utilizes to help store, process and provide structure around our data. We will also overview the SIEM UI we previously installed.

3 videos
87 minutes of training

Data Collection
Course

In this course we will discuss various methodologies to ingest data into the SIEM. We will also be configuring our systems to ship our first logs into the SIEM.

3 videos
55 minutes of training

Data Processing
Course

In this course, we discuss various data formats and data structures. We review various methods to organize our data and make the data meaningful. We also use sample log data in this section to view how the system structures various data formats.

3 videos
53 minutes of training

Data Enrichment
Course

In this course we discuss the purpose behind data enrichment and how we map data from various sources to provide contextual information in the SIEM. We also review a real-world example using event data to enrich a malware event.

3 videos
38 minutes of training

Data Indexing
Course

In this course we briefly touch on various capabilities to store and manage data. This course is designed to give you ideas behind scalability and resiliency and what these capabilities mean when it comes to managing your data.

1 video
17 minutes of training

Using Data
Course

In this course we introduce Use Cases, which are a framework designed to take a detection-based capability from concept to reality. We then proceed to follow the process for an example Use Case Detection.

7 videos
103 minutes of training

SIEM Wrap-Up
Course

In this course we discuss the key concepts and key takeaways from each of the courses to help solidify your foundational understanding of SIEM.

1 video
8 minutes of training


What you’ll learn

  • Understanding of what SIEM is
  • Understanding of the process SIEM uses to bring structure to data
  • Understanding of how to use SIEM to gain visibility into your environment
  • Hands-on experience implementing a SIEM solution
  • Hands-on experience building content for threat detection

Who is this for?

This path introduces a broad, conceptual understanding of enterprise architecture. It is designed for those interested in implementing and deploying SIEM, security operations or an automated log analysis solution. The key benefits will be hands-on experience deploying a SIEM solution and implementing content to gain visibility into local system events, along with a high-level understanding of various SIEM components, capabilities and deployment considerations.

Meet the author

Ryan Fitzpatrick

Ryan Fitzpatrick has been working in IT for 14 years. He spent the first four years bouncing between help desk, systems administration and network administration for small businesses — where he played around with every piece of technology he could get his hands on — before landing on supporting SIEM. He was intrigued by data analytics and the automation potential SIEM brought to organizations.

Armed with natural curiosity, a wide scope of technological understanding and a childhood full of scripting, he found himself in a rewarding career where he could continue to learn, develop and automate. So far he’s helped ingest and analyze data from over 500,000 endpoints worldwide and trained two teams of analysts and engineers to perform security operations.

In his free time, Ryan enjoys video games, practicing jiu-jitsu and teaching himself new skills in IT. His latest interest has been in developing automation servers with Django, and he is successfully managing the health and status of a 60-node SIEM cluster designed to handle data from 60,000 data sources.

Plans & pricing

Personal
Teams

Infosec Skills subscription

Monthly
Annually
  • 140+ role-based learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support
  • Create custom learning paths from 100s of courses

Live boot camp

Request a quote for pricing

  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Live, instructor-led training (in-person or live online)
  • 90 day extended access to recordings of daily lessons
  • Certification exam voucher
  • Learn by doing with hundreds of additional hands-on courses and labs

Infosec Skills Teams subscription

Annual

$599 per learner / year

  • Team administration and reporting
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 140+ role-based learning paths (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Skill assessments
  • Create and assign custom learning paths
  • Dedicated client success manager

Live team boot camp

Request a quote for pricing

  • Team boot camp administration and reporting
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Knowledge Transfer Guarantee
    If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
  • Certification exam vouchers
  • Live, instructor-led training (onsite, in-person or live online)
  • 90 days extended access to recordings of daily lessons
  • Build your team's skills with hundreds of additional hands-on courses and labs

Award-winning training that you can trust

Technical Skills Development, Online Course Providers & eLearning Content

Infosec Skills

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Infosec

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Workforce Framework for Cybersecurity.

SC Media names Infosec Skills Best IT Security Training

See for yourself why Infosec Skills leads the cybersecurity training industry.