SEIM
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
-
System shared this topic on
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
SEIM? Do you mean SIEM, Secure Information and Event Management?
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
Just a suggestion but take a look at this list… all of them should be either open source or at least free (trials, lite versions, etc.).
Find out what you use at work and see if there’s a trial version or if they use open source.
If not most of these tools are known and you may be able to find help online (forums, Lemmy, Reddit, etc.).
-
SEIM? Do you mean SIEM, Secure Information and Event Management?
Yes! Gods damn it. I had that up an everything on my second monitor.
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
I suggest skipping the devops part and instead starting with a course. If you go with setting it up you will probably spend 95% of the time doing devops and not security (which is usually the client of the devops team that maintains the SIEM)
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
Wazuh is popular. It's in use by name brand companies and is FOSS.
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
Wazuh if you want a product instead of building it from scratch.
I'd give Greenbone a try too, I think it's most analogous to Nessus.
-
Yes! Gods damn it. I had that up an everything on my second monitor.
You can edit your posts, you know
-
You can edit your posts, you know
Thanks! I'm still on reddit brain.
-
I suggest skipping the devops part and instead starting with a course. If you go with setting it up you will probably spend 95% of the time doing devops and not security (which is usually the client of the devops team that maintains the SIEM)
Got any recs? I can generally talk my company into paying for most anything education wise, but Udemy style courses work with my ADHD the best.
-
Got any recs? I can generally talk my company into paying for most anything education wise, but Udemy style courses work with my ADHD the best.
Nothing that comes to mind, but simple search of the SIEM you are going to use in youtube and pirate bay should provide some good starters
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
I would look at CISA’s Logging Made Easy project, which is based on Wazuh and Elastic with Kibana for visualization and dashboards.
-
I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SEIM on my home network so I can be used to it's operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SEIM" as possible or at least have a robust how-to guide.
What do you suggest?
-
System shared this topic on
