About This Course
In this course we will see how SIEM solutions can be implemented to set up robust intrusion detection capabilities in an organization.
This course covers many bases in the appropriate use of a SIEM platform to enrich readily available log data in enterprise environments and extract actionable intelligence. Learners then iterate through the log data and events to analyze key components, learning how rich this information is, how to correlate the data, how to start investigating based on the aggregate data, and finally, how to go hunting with this newly gained knowledge. This course emphasizes the theory that a properly trained analyst uses an IDS alert as a starting point for examining traffic, and then investigates and reconstructs the activity to determine whether it is noteworthy or a false indication.