This is the first of a multi-part series on building a SIEM lab and training with ‘Purple Team’ skills. I say ‘Purple’ because, while the emphasis will be on ‘Blue Team’ activities, we will also need to use ‘Red Team’ techniques to populate our SIEM with relevant data.

For those who want to follow along, I am going to make a bunch of assumptions about your skills and technical expertise - namely that you have a basic understanding of IT fundamentals and that you know what a SIEM is.

The series will be broken out into the following parts:

Most of the setup in these guides will be manual, but there are alternative (and better) ways to build all this stuff using automation. DevOps tools such as Vagrant and Ansible are great for this kind of work, and while I do have some experience with these tools I do not currently have a fully functional, end-to-end setup in place - that will have to wait for a future blog post :)

There are a bunch of popular (and expensive) SIEMs on the market, such as Splunk and LogRhythm, that are meant for enterprise environments, but my use case is a small home lab and I don’t have the hardware (or the $$$) for an elaborate enterprise application. While Splunk at least does have a free version, and is one of the most well-known SIEM products on the market, I decided to use an alternative called Elastic that is free, open source, and light enough to squeeze into my home lab.

Thumbnail image "Computer Data Output" by JoshuaDavisPhotography is licensed under CC BY-SA 2.0