Summary
Keywords
Full Transcript
SIEM tutorial, Practical Burn Down Session in 25 minutes. This is the very first video in YouTube where you will actually learn sending logs to SIEM and lot more! Check Out Day-7 here- https://youtu.be/6DPmzXXVo_M for installing SIEM in your home Lab. Continuing with our Incident Response Training, today is Day 8 and we will discuss almost everything you need to know about SIEM and I will show you how can you perform all of the admin activities so that you can be well prepare with You SIEM Lab and pratcice at home, also you can apply them in your work at organization. In our previous Episode of Day 7, I have shown you how to set up your SIEM tool and install them, but this session will be more technical in terms of understanding the basic admin activities in SIEM. We have taken QRadar as a tool and will show you below things- 1. How to send syslog logs in QRadar. 2. How to install DSM Parsers 3. How to create custom event properties and parse the raw logs. 4. How to create log source 5. At last we will show you some alerts/offenses as well. So, stick around till the end if you really want to be MASTER in SIEM and QRadar. There is huge amount of information, training available on internet which talks about the same and at times you become overwhelmed and can't decide what is the right choice for me if I want to start my career in Security Operations Centre and want a role in Incident Response. So I have developed this full series to stay focused on the basic areas someone must be aware of to kick of SOC journey! Hence I recommend you to visit the full list one by one to have a solid idea of SOC Beginner level skills and requirements. ------------------------------------------------------------------------------------------------------------------------- π Check out Incident Response Full Training Courseπ https://bit.ly/2OKQaFP πLINKS FOR YOUR REQUIREMENTS- ------------------------------------------------------------------------------------------------------------------------- πFix that we applied at first- https://www.ibm.com/support/pages/node/6395080 πQRadar Community Edition- https://www.ibm.com/community/qradar/ce/ πLog File Samples- https://bit.ly/3gaxVTK πDFIR Tools Repo- https://github.com/archanchoudhury/DFIR-Tools π₯π₯π₯π₯π₯ Check-out my Free InfoSec Resource Fusion- https://bit.ly/3vOFarG π₯π₯π₯π₯π₯ WATCH BELOW AS WELL π₯π₯π₯π₯π₯ ------------------------------------------------------------------------------------------------------------------------- IR Flash π https://youtu.be/6kOinwAB-BY How to write Regex π https://youtu.be/5jMCe5Gs9Gg Linux Memory Forensics π https://youtu.be/eK-Y6MyMKVE Check out Malware Investigation Part1π https://youtu.be/E86wyomzDjs Check out Malware Investigation Part2π https://youtu.be/D3inDM8kM-Y BlackPerl Forensics Episodesπ https://bit.ly/3pgpqsG Decoding JavaScript codes for Incident Responseπ https://youtu.be/rot9cDW9SYA Lean Yara Here π https://youtu.be/DI5zV_vGJC0 β Timelines ------------------------------------------------------------------------------------------------------------------------- 0:00 β© Intro 1:13 β© Verify Log Activity Tab 2:54 β© Apply Patch 4:11 β© Ship Syslog Bundle 8:12 β© Push Syslog 11:46 β© Create DSM Parsers 14:57 β© Create Log Source in Console 18:01 β© Create RegEx 20:34 β© Create Offense/Alerts 23:44 β© Summarize & What's NEXT? ππ² FOLLOW ME EVERYWHERE- ------------------------------------------------------------------------------------------------------------------------- β LinkedIn: https://www.linkedin.com/company/blackperl β You can reach out to me personally in LinkedIn as well- https://bit.ly/38ze4L5 β Twitter: @blackperl_dfir β Insta: (blackperl_dfir)https://www.instagram.com/blackperl_dfir/ β Can be reached via [email protected] SUPPORT BLACKPERL ------------------------------------------------------------------------------------------------------------------------- βββ¦βββ¦ββββ¦ββ¦β¦β¦β¦ββββ βββ£βββββ£ββ£ββ£ββ£βββ£ββ£ β βββββββ ββββ£βββββββ£ βββ©βββ©ββ©ββ©ββ©βββ©ββ©ββ β‘οΈ SUBSCRIBE, Share, Like, Comment β Buy me a Coffee π https://www.buymeacoffee.com/BlackPerl π§ Sponsorship Inquiries: [email protected] ------------------------------------------------------------------------------------------------------------------------- π Thanks for watching!! Be CyberAware!! π€
