SIEM Architecture and Process Project

Test your understanding of SIEM architecture and process in this project consisting of 5 challenges. In this project we pick up where we left off with the hands-on activity for data processing. We will take a use case surrounding invalid user logon attempts and standardize our username field, visualize our data with a dashboard, enrich our data with last known user information, and create an alert that triggers with the required information.

Estimated project time: 1 hour, 13 minutes

Project Overview and Challenge Documents (File)

The challenge files and other documents you will need to complete this project.

winlogbeat (File)

Files you will need to complete this project.

Virtual Box (File)

Files you will need to complete this project.

Graylog (File)

Files you will need to complete this project.

Standardizing the Username Field Hint (Video)

In this video you are provided hints on how to find the index field you will be required to alter and how to navigate to a pipeline processing rule.

5 minutes

Standardizing the Username Field Answer (Video)

In this video you are provided the remaining information required to create the pipeline processing rule that begins standardizing the username field.

1 minute

Creating the Invalid User Logon Dashboard Hint (Video)

In this video you are provided hints on searching for the specific data required to create your dashboard for invalid user logons.

1 minute

Creating the Invalid User Logon Dashboard Answer (Video)

In this video you are provided the remaining information required to complete your invalid user logon dashboard.

2 minutes

Lookup Table Creation Hint (Video)

In this video you are provided hints on creating the lookup table required to enrich failed logons with the last successful logon.

2 minutes

Last User Logon Search Criterion Hint (Video)

In this video you are provided hints on creating the search filter for mapping hostnames to last successful logons.

5 minutes

Last User Logon Data Enrichment Hint (Video)

In this video you are provided the remaining information for the search filter, plus hints on beginning to map hostnames to the last successfully logged-on user.

3 minutes

Enriching Last User Logon to Failed Logon Hint (Video)

In this video you are provided the remaining information for mapping hostnames to the last successfully logged-on user, plus hints on enriching failed logons with last known user information.

3 minutes

Enriching Last User Logon to Failed Logon Answer (Video)

In this video you are provided the remaining information needed to enrich invalid logon attempts with the last known username.

2 minutes

Filtering Non-User Logons From Dashboard Hint (Video)

In this video you are provided hints on finding the information required to filter out non-interactive activity and activity not related to invalid usernames.

2 minutes

Filtering Non-User Logons From Dashboard Answer (Video)

In this video you are provided the remaining information required to filter out non-interactive activity and activity not related to invalid usernames.

2 minutes

Creating an Alert on Invalid User Logon Attempts Hint (Video)

In this video you are provided hints on creating an alert that triggers when an invalid logon occurs.

2 minutes

Creating an Alert on Invalid User Logon Attempts Answer (Video)

In this video you are provided the remaining information on creating the alert that triggers when an invalid logon occurs.

5 minutes
