Log Analysis: Using a SIEM
In this lab, you’ll practice how to ingest and use logs from multiple sources using a SIEM. When you’re finished, you’ll have the ability to process your own log data using open source tools..
Terms and conditions apply.
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Ingest Log Data with a SIEM
During this challenge, you will learn how to ingest logs into the SIEM within the virtual environment. You’ll start by exploring the Elastic Stack Components within Security Onion, and will learn how to modify the configurations to ingest new data. You’ll then validate the data in the Security Onion instance of Kibana, and become acclimated with the web UI.
Search and Use Log Data with a SIEM
During this challenge, you will verify additional log sources for the SIEM, and explore additional ones to add from within the system. You’ll start out by ensuring that multiple sources of log data are being ingested, and configure any corresponding inputs, then add additional logs from the Security Onion system. Then, you will validate the data, and practice searching and using it within Kibana. You will also explore some of the prebuilt dashboards and visualizations for this data from Security Onion.
The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
- Basic Linux Knowledge