Many organizations have logging capabilities but lack the people and processes to do analysis. In addition, logging systems collect vast amounts of data from a variety of data sources, requiring an understanding of the sources for proper analysis. This seminar is designed to provide training, methods, and processes for enhancing existing logging solutions. It will also provide an understanding of the when, what, and why behind the logs. This course uses SOF-ELK, a SANS sponsored free SIEM solution, to demonstrate and build experience that provides the mindset for large-scale data analysis.
Outcomes: Understand and apply SIEM use, architecture, and best practices * Enhance logs to obtain added value and correlation capabilities * Detect adversaries by using their own tactics against them
Instructor and Course Author, The SANS Technology Institute