
SIEM Architecture and Process Project

Syllabus

  • Enriching Last User Logon to Failed Logon Hint Video — 00:02:58
    • In this video you are provided the remaining information for mapping hostnames to the last successfully logged-on user, and hints on enriching failed logons with last known user information.

  • Last User Logon Search Criterion Hint Video — 00:04:38
    • In this video you are provided hints to create the search filter for mapping hostnames to last successful logons.

  • Creating the Invalid User Logon Dashboard Answer Video — 00:01:32
    • In this video you are provided with remaining information required to complete your invalid user logon dashboard.

  • Standardizing the Username Field Answer Video — 00:00:57
    • In this video you are provided the remaining information required to create the pipeline processing rule to begin standardizing the username field.

  • Graylog File — 00:10:00
  • winlogbeat File — 00:10:00
  • Creating an Alert on Invalid User Logon Attempts Answer Video — 00:04:32
    • In this video you are provided the remaining information on creating the alarm to trigger when an invalid logon occurs.

  • Filtering Non-User Logons From Dashboard Answer Video — 00:02:17
    • In this video you are provided the remaining information required to filter out non-interactive and non-invalid-username related activity.

  • Enriching Last User Logon to Failed Logon Answer Video — 00:01:46
    • In this video you are provided the remaining information to create the enrichment of last known username on invalid logon attempts.

  • Last User Logon Data Enrichment Hint Video — 00:02:30
    • In this video you are provided the remaining information for the search filter, and hints to begin mapping hostnames to the last successfully logged-on user.

  • Lookup Table Creation Hint Video — 00:02:23
    • In this video you are provided hints on creating the lookup table required to enrich last successful logons on failed logons.

  • Creating the Invalid User Logon Dashboard Hint Video — 00:01:29
    • In this video you are provided hints to search for the specific data requirements to create your dashboard for invalid user logons.

  • Standardizing the Username Field Hint Video — 00:04:39
    • In this video you are provided hints on how to find the index field you will be required to alter, and how to navigate to a pipeline processing rule.

  • VirtualBox File — 00:10:00
  • Project Overview and Challenge Documents File — 00:10:00
    • The challenge files and other documents you will need to complete this project.

  • Creating an Alert on Invalid User Logon Attempts Hint Video — 00:02:07
    • In this video you are provided hints on creating an alarm to trigger when an invalid logon occurs.

  • Filtering Non-User Logons From Dashboard Hint Video — 00:01:42
    • In this video you are provided hints on finding the information required to filter out non-interactive and non-invalid-username related activity.

Project description

In this project we pick up where we left off with the hands-on activity for data processing. Working from a use case centred on invalid user logon attempts, we standardize the username field, visualize the data with a dashboard, enrich it with last known user information, and create an alert that triggers with the required information.
