SIEM 101 — Introduction

a preview of Logz.io

In the following days, I’ll write a few blog posts explaining how to learn to use a Security Information and Event Management (SIEM) system.

But what is a SIEM? As Varonis puts it:

Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure.

SIEM collects security data from network devices, servers, domain controllers, and more. SIEM stores, normalizes, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organizations to investigate any alerts.

Source: https://www.varonis.com/blog/what-is-siem/

To do this, I wrote the post SIEM 101 — Initial setup where I explain how to create an account on Logz.io; they offer a free account where you can send up to 1 GB / day of logs to try their platform. Time needed: around 2 minutes.

Still in the post SIEM 101 — Initial setup, I then explain how to send your logs there, whether you’re on Windows or on Linux. Time needed: around 5–10 minutes.

After that, I’ll explain the basic usage of Logz.io: how to search logs, how to create an alert, etc. Time needed: around 30 minutes.

When all this is done, the stage will be set to start writing posts on detection cases, for example: receiving an alert if a Windows host is being brute-forced, or receiving an alert if a failed logon occurred on your WordPress server.

I’ll eventually talk about the scripts I developed that use Logz.io to automatically block bad IPs on my servers.

For the most advanced users, you’ll then be able to discover some useful tools the community provides, such as Sigma rules.

Follow me in my next post: SIEM 101 — Initial setup


Passionate about information security, development and technology in general, I like to share my experience with different technologies. I also love travel!

Tristan Dostaler