SEM01F - SIEM and Tactical Analysis (separate registration is required)

Monday, May 01 | 8:30AM–4:30PM | Denver Ballroom 4-6, Lower Level 2
Session Type: Additional Fee Program
Delivery Format: Preconference Seminar
Many organizations have logging capabilities but lack the people and processes to do analysis. In addition, logging systems collect vast amounts of data from a variety of data sources, requiring an understanding of the sources for proper analysis. This seminar is designed to provide training, methods, and processes for enhancing existing logging solutions. It will also provide an understanding of the when, what, and why behind the logs. This course uses SOF-ELK, a SANS sponsored free SIEM solution, to demonstrate and build experience that provides the mindset for large-scale data analysis.

Outcomes: Understand and apply SIEM use, architecture, and best practices * Enhance logs to obtain added value and correlation capabilities * Detect adversaries by using their own tactics against them


  • Lightforge Henderson

    Instructor and Course Author, The SANS Technology Institute