SIEM Training

siem_training.md

SIEM Training

ATTENTION, THIS GIST ISN'T FREQUENTLY UPDATED

MAIN SOURCE: https://github.com/isaqueprofeta/cybersec-path

General

• Jose Bravo - What is a SIEM? (5 Vídeos): https://www.youtube.com/watch?v=MtqFMe4zSpQ&list=PLHh9jhztlMyp8lyKXt9orVM57ygW_ihPS
• IPPSec - PowerSIEM Analyzing Sysmon Events with PowerShell: https://www.youtube.com/watch?v=MvfhIydxFmw

AlienVault OSSIM

• Cybrary - AlienVault OSSIM: https://www.cybrary.it/course/alienvault-ossim/

Elastic

• Elastic - SIEM Fundamentals: https://www.elastic.co/training/elastic-security-fundamentals-siem

ArcSight (2 séries/paylists de vídeos)

• Paul Brettle - What is Series: https://youtube.com/playlist?list=PL_JhopV-r9zLigctFEOzic-af0sEuHZ-x
• Paul Brettle - ArcSight ESM 101: https://youtube.com/playlist?list=PL_JhopV-r9zIXDz0pX2dmSJvBGVkczF5y

QRadar

• Jose Bravo - QRadar (38 Vídeos): https://www.youtube.com/watch?v=P90e4iEJ32s&

Splunk

• Praveen - Splunk for beginners: https://youtu.be/lIQJMjSlY8U

Ok

Great

Cool

Thank you for the amazing post,,, I could have arrived too late,,, but Splunk links do not work.
Is there any possibility to update them?
Thank you

@amghumlosh you can try to see if https://education.splunk.com help you with what you need. Another "current" source is the course from Praveen: https://youtu.be/lIQJMjSlY8U

anyone have idea to collect log from api based not be forwarded syslogs .

and Siem event analysis by system event for finding file that have changed there file type from executive to pdf and bypassed DLP rules need to be monitored