Project

SIEM Architecture and Process Project

Test your understanding of SIEM architecture and process in this project consisting of 5 challenges.
1 hour, 14 minutes
Start a Free Trial

Project Description

In this project we pick up where we left off with the hands-on activity for data processing. We will take a use case surrounding invalid user logon attempts and standardize our username field, visualize our data with a dashboard, enrich our data with last known user information, and create an alert that triggers with the required information.

Contents

Project Overview and Challenge Documents

File - 00:10:00
The challenge files and other documents you will need to complete this project.
winlogbeat

File - 00:10:00
Virtual Box

File - 00:10:00
Graylog

File - 00:10:00
Standardizing the Username Field Hint

Video - 00:05:00
In this video you are provided hints on how to find the index field you will be required to alter, and how to navigate to a pipeline processing rule.
Standardizing the Username Field Answer

Video - 00:01:00
In this video you are provided the remaining information required to create the pipeline processing rule to begin standardizing the username field.
Creating an Alert on Invalid User Logon Attempts Hints

Video - 00:02:00
In this video you are provided hints on creating an alarm to trigger when an invalid logon occurs.
Creating an Alert on Invalid User Logon Attempts Answer

Video - 00:05:00
In this video you are provided the remaining information on creating the alarm to trigger when an invalid logon occurs.
Lookup Table Creation Hint

Video - 00:02:00
In this video you are provided hints on creating the lookup table required to enrich last successful logons on failed logons.
Last User Logon Search Criterion Hint

Video - 00:05:00
In this video you are provided hints to create search filter for the mapping of hostnames to last successful logons.
Last User Logon Data Enrichment Hint

Video - 00:03:00
In this video you are provided the remaining information for the search filter and provided hints to begin mapping hostnames to last successful logged on user.
Enriching Last User Logon to Failed Logon Hint

Video - 00:03:00
In this video you are provided the remaining information for mapping hostnames to last successful logged on user and hints on enriching failed logons with last known user information.
Enriching Last User Logon to Failed Logon Answer

Video - 00:02:00
In this video you are provided the remaining information to create the enrichment of last known username on invalid logon attempts.
Filtering Non-User Logons From Dashboard Hint

Video - 00:02:00
In this video you are provided hints on finding the information required to filter non-interactive and non-invalid username related activity.
Filtering Non-User Logons From Dashboard Answer

Video - 00:02:00
In this video you are provided the remaining information required to filter the non-interact and non-invalid username related activity.
Creating the Invalid User Logon Dashboard Hint

Video - 00:01:00
In this video you are provided hints to search for the specific data requirements to create your dashboard for invalid user logons.
Creating the Invalid User Logon Dashboard Answer

Video - 00:02:00
In this video you are provided with remaining information required to complete your invalid user logon dashboard.

Plans & pricing

Infosec Skills Personal

$299 / year

Buy Now 7-Day Free Trial
  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments
Start a Free Trial