Workshop
SIEM
Security Information and Event Management («SIEM»)
Course facts
- Understanding the role of a SIEM in one's cyber security strategy
- Building a simple SIEM infrastructure
- Identifying suspicious activities by means of self-developed search queries
- Implementing what you have learned in your own company
- Implementing a SIEM system
A security information and event management system (SIEM) makes it possible to actively detect cyber attacks on one's own IT landscape so that they can be responded to appropriately. A SIEM is therefore a central component of a cyber security strategy.
1 Introduction to SIEM
- Understanding the role and function of a SIEM in a company as part of its IT security defense strategy
- Discussion of different approaches and strategies in integration and operation
- Challenges and stumbling blocks in implementing and building a SIEM in the enterprise
2 Setting up a SIEM
- Setting up and running a SIEM in a lab environment
- Introduction to log management
- Connecting IT systems to the SIEM
3 SIEM in use
- Creating your own search queries and applying predefined ones
- Applying search queries to identify suspicious activities
- Creating custom dashboards
- Setting up automatic alerts
This workshop will use and look at Elastic's free solution.
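To give a concrete picture of what the "search queries" and "automatic alerts" of the third module amount to, here is an added example written for this page; it is not workshop material and not Elastic code. It implements in plain Python what a SIEM correlation rule does: it parses an assumed syslog-like SSH line format (constructed for this example), counts failed logins per source address inside a sliding time window, raises an alert when a threshold is crossed, and escalates if the same address later obtains a successful login. The rule names, the sample log lines and the threshold are all constructed.

```python
"""Minimal SIEM-style detection over constructed SSH authentication log lines.

Added example; not part of the workshop material and not Elastic's code.
Assumed (constructed) line format:
    <ISO timestamp> <host> sshd: Failed password for <user> from <ip>
    <ISO timestamp> <host> sshd: Accepted password for <user> from <ip>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>[\d.]+)$"
)

# Constructed sample log: a burst of failures from one address followed by a
# successful login, plus a normal user who mistypes a password once.
SAMPLE_LOG = [
    "2024-03-01T10:00:01 web01 sshd: Failed password for root from 203.0.113.7",
    "2024-03-01T10:00:02 web01 sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:03 web01 sshd: Failed password for backup from 203.0.113.7",
    "2024-03-01T10:00:04 web01 sshd: Failed password for test from 203.0.113.7",
    "2024-03-01T10:00:05 web01 sshd: Failed password for backup from 203.0.113.7",
    "2024-03-01T10:00:06 web01 sshd: Failed password for backup from 203.0.113.7",
    "2024-03-01T10:00:40 web01 sshd: Accepted password for backup from 203.0.113.7",
    "2024-03-01T10:05:00 web01 sshd: Failed password for alice from 198.51.100.4",
    "2024-03-01T10:05:30 web01 sshd: Accepted password for alice from 198.51.100.4",
    "this line does not match the expected format and is skipped",
]


def parse_line(line):
    """Turn one raw line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparsed lines are dropped, as a SIEM would drop or tag them
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Correlation rule (hypothetical names):
    - 'ssh_bruteforce': >= threshold failures from one IP inside `window`
    - 'bruteforce_then_success': a flagged IP later gets an Accepted login
    Returns the list of alerts in the order they fire."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = set()                # IPs that already triggered ssh_bruteforce
    alerts = []
    for ev in filter(None, map(parse_line, lines)):
        recent = failures[ev["ip"]]
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
            # slide the window: forget failures older than `window`
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append({"rule": "ssh_bruteforce", "ip": ev["ip"],
                               "count": len(recent), "ts": ev["ts"]})
        elif ev["ip"] in flagged:
            # a success after a flagged burst is the case worth escalating
            alerts.append({"rule": "bruteforce_then_success", "ip": ev["ip"],
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The same logic is what a SIEM search query expresses declaratively (group by source address, count over a time window, compare to a threshold); writing it out once makes clear which fields the log source must deliver and why unparsed lines need to be noticed rather than silently discarded.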
Format: interactive face-to-face instruction with live demos and hands-on exercises in a lab environment.
This course is designed for IT security managers, IT staff, IT directors, security officers, security architects, security analysts, cyber threat investigators, and those working to implement continuous security monitoring or networking.
Solid knowledge of networking and TCP/IP protocols is required. Furthermore, experience with common operating systems (Windows and Linux), preferably at the command-line level, as well as experience in setting up computer systems and networks, is an advantage.