Build a Powerful Home SIEM Lab Without Hassle! (Step by Step Guide)
ฝัง
- เผยแพร่เมื่อ 11 ม.ค. 2024
- Welcome to your one-stop guide for building a Free valuable Home SIEM Lab quickly and efficiently! This tutorial will help aspiring SOC analysts get practical experience without having the job yet.
Get Ahead in Your Cybersecurity Career: Practical experience is key in the cybersecurity field. This video provides you with actionable skills and knowledge.🚀
📒 Show Notes 📒
Simple Home Siem Lab Blog: / a-simple-elastic-siem-lab
So You Want to Be A SOC Analyst Blog post:
blog.ecapuano.com/p/so-you-wa...
GET SOC ANALYST EXPERIENCE TH-cam VIDEO:
• Master SOC Analyst Ski...
Virtual Box Download
www.virtualbox.org/wiki/Downl...
Kali VM Download
www.kali.org/get-kali/#kali-p...
🚨 RESUME BULLETS: 🚨
Elastic Stack SIEM Configuration and Management: Successfully set up and configured Elastic Stack SIEM in a home lab environment. Demonstrated proficiency in deploying a Kali Linux VM, configuring Elastic Agents for log collection, and forwarding data to the SIEM for effective security event monitoring.
Security Event Simulation and Analysis: Acquired hands-on experience in generating and analyzing security events using Nmap on Kali Linux. Proficient in querying Elastic SIEM to identify and investigate security incidents, enhancing skills in network security monitoring and threat detection.
Visualization and Alerting in SIEM: Developed a custom dashboard in Elastic SIEM to visualize security events, demonstrating skills in data interpretation and pattern recognition. Successfully created and tested alert rules for detecting specific security events, showing competency in proactive incident response and alert management.
⏰ Markers
0:00 Preview
Simply Cyber's mission is to help purpose driven professionals make and and take a cybersecurity career further, faster.
📱 Social Media
Let's Connect: linktr.ee/SimplyCyber
🔥 The Best Free Cyber Resources
simplycyber.io/
📷 🎙 💡 MY STUDIO SETUP
kit.co/GeraldAuger/simply-cyb...
🙌🏼 Donate
Like the channel and got value? Please consider supporting the channel
www.buymeacoffee.com/SimplyCyber
😎 Merch 😎
👉🏼 Simply Cyber Branded Gear: www.simplycyber.io/store
Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated. - วิทยาศาสตร์และเทคโนโลยี
Probably the most concise, easy-to-follow home SOC lab setup I have seen so far. Kudos to Gerry Auger and to Abdullahi Ali for trying to make these highly marketable cybersecurity skills available to as many people as possible 🙏🏼
that was the goal so NAILED IT! thx for the comment.
I seriously need to start building my labs so I can get some “experience” under my belt. I need a tech job like yesterday.
Loved the video definitely gonna do it when I get home and play with this one to. Thanks.
This is awesome. I initially thought building a SIEM was actually never possible as an entry level SOC analyst. Thank you
Great video with actual walk through visual instruction. The speed was great too, just knowledge and no fluff. Thank you. Subscribed
The fluff videos kind of annoy me when I’m trying to get info so I’m not into it, despite the almighty algorithm
Fantastic! I know how I’ll be spending my weekend ❤
This is amazing! I’m going to add this to my Home Lab. I am already using Elastic in my SOC Analyst course with HTB. Thank you Dr. Auger for creating this video and sharing it!
How is going?
This is exactly what i needed!
As a newbie in the SOC pathway, This is amazingly so simple to follow. A capital THANK YOU to you!
Thanks so much! Dr Auger! Very nice and concise video!
As someone who was forced to change career paths and decided to go with IT you are a saint. I'll be sure to check out more videos. Thank you.
Thx. Really great compliment. 💙
It's near impossible that ELK and no-hassle fit in one sentence, thanks to you
YOU ARE HIM Dr. G! Thanks!
You are doing great Gerald, Thanks for these invaluable resources.
Good morning everyone! Nothing better than sharing and learning! Love it, love it, LOVE IT!!!❤🎉
Loved It. Excellent
Great video, love your content and the cyber threat briefing every morning. If anyone goes to integrate and none of them appear try signing out and back in and it works.
Thank you for kind words and thx for tip on lab for others
First tutorial video I didn't have to fast forward thu
Thank you, Dr. Auger! Not sure if it was just me, but event.action: "nmap_scan" didn't fire any alerts. I replaced with process.name: "nmap" which triggered alerts and sent an email.
This is my favorite TH-cam channel!
YASSSS!!!! Thank you for making my day! 💙
Employers are looking for candidates with hands-on experience. With home lab projects like this, you can build this experience at home outside of any enterprise environment. These activities are _more important_ than certifications or even degrees to Hiring Managers. People at three large companies each told me that. So get crackin
I am happy you exist.
Great content.
Thank you for this tutorial ❤
COOL!
Sir expecting more siem lab tutorials❤
question on installing, when installing Kali, am i installing Vmware or virtualbox? i already have oracle vm virtualbox?
Thank you.
You're welcome!
Well done, now how deep does this rabbit hole go? Just remember to keep following that white rabbit neo!
#TeamSimplyCyber!
is elastic lab actually used in a professional setting or just for testing and building home labs?
not able to see nmap details , do we need to setup anything on ES to read
Is anyone else having trouble setting that "Easy Lab" setup? On the "Install Elastic Agent" step I keep getting a stall and it states "Confirm agent enrollment" "Listening for agent" and there's an infinite scrolling wheel. I asked Chatgpt and it states my settings are probably misconfigured. If anyone has any suggestions or know the fix I will greatly appreciate it.
Hell yes gerry guy, i’m doing this soon
Don't do anything soon. if you want to do something put a date on it. Soon to some software devs is 2.5 years of soon.
Having trouble doing with a Mac. I know it has to do with the linux distribution.
89
#TeamSC
My fleet agent is not getting connected and the status is showing "listening" but not getting confirmed..What might be the problem please help me
I followed every step to a T yet when I set up an email alert for "sudo -sv localhost" and ran the command line I get no email? Any tips on this?
I also had an issue getting the email to fire. Suggest using a web book and validating the alert is firing to try and isolate the issue
This is good for people that are starting with Cybersecurity or prior "experience"/background is necessary?
No experience is needed to setup, but prior knowledge is needed to know what you’re looking at and what it means in the siem. Mostly networking and operating system prior knowledge
There goes my weekend. 😂Let’s go!! #TeamSC
the only issue i had i could not find custom query in my options :/
What do you use to highlight and make the arrow?.
Zoom it by by systernals. It’s in Microsoft website. It’s awesome
Remarkable Man, Thanks, but slow down a bit. Are you in a rush or something else?
I'm wondering if its possible to build this lab on prem (vs using the cloud)?
It is, but you need more hardware and configuration. Check out graylog or ELK stacks.
I'm having trouble getting the rule for Nmap. I can get process.args:, but nap doesn't show up for me. Please advise.
same here
I couldn't get past the Elastic install point
Who's actually been able to get this SIEM to work? I haven't. After a successful agent install and nmap scans, nothing is being reported to the Logs about the scans.
Even i am having trouble seeing the logs. But if you go to discover you will find timestamps of the data, and that means the thing is working
@@eshajadoun5743 I'm glad to see that I'm not the only person who was having trouble and it wasn't just a newbie mistake but Yeah, I've just been messing around with it and setup a Kali VM and Windows VM as well as a honeypot and I've been seeing data being ingested over the last couple of days.
Do Something with wazuh
how did you get the email to fire off at 9:13? In the video it looks like it was cut off and i didn't get to see exactly what you did.
Thx for asking. I didn’t get the email and couldn’t troubleshoot it for the video. I thought I left a comment in there saying the email didn’t arrive but I guess it didn’t make the final vid. I would set it up w web hooks if I’m being practical since it’s more flexible and you would see it in practice (fire off a slack msg for example)
Slack is awsome for this because its so easy to set up a slack instance and then view the alerts on say your phone.
GM SimplyCyber Fam 🎉🎉🎉
Space🌮Tacos!!! Great to see you here 😊 What an amazing vid, eh? The most concise home SOC lab setup I’ve come across to date… kudos to Gerry and Abdullahi Ali for putting together a tight, easy-to-follow setup 🎉
siiiixkkkkkk
This is very interesting, but you really talk fast.
Nah! Sorry “Doc” lol, anyone in 2024 thinking it’s a good idea sticking with ES is an idiot or is selling licenses. They screwed the pooch dude going that route. Folks, you can do this and more with 100% FOSS. Plenty of OSS SIEMs and log management the whole stack, etc. The list is huge. Why would you use ES for this in a lab? Beats me.
The ease of setup lowers the barrier to entry for learning. Maybe not a great solution for enterprise or long term (i'm not sure what evaluation you are basing your assessment on), but for a student lab and learning quickly, i think its a good fit.
I find Wazuh ideal for this scenario, and it can be completely on-premise. Fantastic documentation too!
Enterprise is far more complex with understanding data classification and policies to allow the use to send this type of data to the provider (in this case ES). Sure for a homelab and getting an idea of how a SIEM is suppose to work is an accurate point, but using this "as a point on your resume" is a bit of a stretch.
Perfectly Curated
A lot of people don't know what SIEM is, so won't click your vid, dood.
Thx. When ppl learn what a siem is and then need skills on one the video will be here waiting for them.
@@SimplyCyber I watched. I appreciate the fast info-packed video. Learned a lot in 13 minutes. Great job. :)
I think if someone is here and doesn't know what's SIEM, he's in the wrong place.
Those who would be interested and capable of doing so, do know what SIEM is...
He is literally explaining it in the video and you click on stuff your interested in so whats your point