Build a Powerful Home SIEM Lab Without Hassle! (Step by Step Guide)
HTML-код
- Опубликовано: 11 янв 2024
- Welcome to your one-stop guide for building a Free valuable Home SIEM Lab quickly and efficiently! This tutorial will help aspiring SOC analysts get practical experience without having the job yet.
Get Ahead in Your Cybersecurity Career: Practical experience is key in the cybersecurity field. This video provides you with actionable skills and knowledge.🚀
📒 Show Notes 📒
Simple Home Siem Lab Blog: / a-simple-elastic-siem-lab
So You Want to Be A SOC Analyst Blog post:
blog.ecapuano.com/p/so-you-wa...
GET SOC ANALYST EXPERIENCE RUclips VIDEO:
• Master SOC Analyst Ski...
Virtual Box Download
www.virtualbox.org/wiki/Downl...
Kali VM Download
www.kali.org/get-kali/#kali-p...
🚨 RESUME BULLETS: 🚨
Elastic Stack SIEM Configuration and Management: Successfully set up and configured Elastic Stack SIEM in a home lab environment. Demonstrated proficiency in deploying a Kali Linux VM, configuring Elastic Agents for log collection, and forwarding data to the SIEM for effective security event monitoring.
Security Event Simulation and Analysis: Acquired hands-on experience in generating and analyzing security events using Nmap on Kali Linux. Proficient in querying Elastic SIEM to identify and investigate security incidents, enhancing skills in network security monitoring and threat detection.
Visualization and Alerting in SIEM: Developed a custom dashboard in Elastic SIEM to visualize security events, demonstrating skills in data interpretation and pattern recognition. Successfully created and tested alert rules for detecting specific security events, showing competency in proactive incident response and alert management.
⏰ Markers
0:00 Preview
Simply Cyber's mission is to help purpose driven professionals make and and take a cybersecurity career further, faster.
📱 Social Media
Let's Connect: linktr.ee/SimplyCyber
🔥 The Best Free Cyber Resources
simplycyber.io/
📷 🎙 💡 MY STUDIO SETUP
kit.co/GeraldAuger/simply-cyb...
🙌🏼 Donate
Like the channel and got value? Please consider supporting the channel
www.buymeacoffee.com/SimplyCyber
😎 Merch 😎
👉🏼 Simply Cyber Branded Gear: www.simplycyber.io/store
Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated. 
Наука
This is awesome. I initially thought building a SIEM was actually never possible as an entry level SOC analyst. Thank you
Probably the most concise, easy-to-follow home SOC lab setup I have seen so far. Kudos to Gerry Auger and to Abdullahi Ali for trying to make these highly marketable cybersecurity skills available to as many people as possible 🙏🏼
that was the goal so NAILED IT! thx for the comment.
I seriously need to start building my labs so I can get some “experience” under my belt. I need a tech job like yesterday.
have you tried it?
As a newbie in the SOC pathway, This is amazingly so simple to follow. A capital THANK YOU to you!
Loved the video definitely gonna do it when I get home and play with this one to. Thanks.
As someone who was forced to change career paths and decided to go with IT you are a saint. I'll be sure to check out more videos. Thank you.
Thx. Really great compliment. 💙
This is amazing! I’m going to add this to my Home Lab. I am already using Elastic in my SOC Analyst course with HTB. Thank you Dr. Auger for creating this video and sharing it!
How is going?
Fantastic! I know how I’ll be spending my weekend ❤
Great video with actual walk through visual instruction. The speed was great too, just knowledge and no fluff. Thank you. Subscribed
The fluff videos kind of annoy me when I’m trying to get info so I’m not into it, despite the almighty algorithm
Thanks so much! Dr Auger! Very nice and concise video!
This is exactly what i needed!
YOU ARE HIM Dr. G! Thanks!
Employers are looking for candidates with hands-on experience. With home lab projects like this, you can build this experience at home outside of any enterprise environment. These activities are _more important_ than certifications or even degrees to Hiring Managers. People at three large companies each told me that. So get crackin
Loved It. Excellent
It's near impossible that ELK and no-hassle fit in one sentence, thanks to you
Patience and persistence are required. Careful, adherence to the instructions on the blogpost (link provided in the description). GA's overview is a high level, fast paced overview and Elastic's website layout has changed. Pay specific attention to the steps of adding the integration, installing the agent, and allowing the agent to be enrolled in Fleet. Very important to allow time for the agent to report the processes from the host to the Elastic Cloud. The results are not as fast as would seem in the video. Don't rush and keep trying! Thanks SC!
I am happy you exist.
You are doing great Gerald, Thanks for these invaluable resources.
Great video, love your content and the cyber threat briefing every morning. If anyone goes to integrate and none of them appear try signing out and back in and it works.
Thank you for kind words and thx for tip on lab for others
Great content.
First tutorial video I didn't have to fast forward thu
Good morning everyone! Nothing better than sharing and learning! Love it, love it, LOVE IT!!!❤🎉
This is my favorite RUclips channel!
YASSSS!!!! Thank you for making my day! 💙
COOL!
Thank you, Dr. Auger! Not sure if it was just me, but event.action: "nmap_scan" didn't fire any alerts. I replaced with process.name: "nmap" which triggered alerts and sent an email.
#TeamSimplyCyber!
Well done, now how deep does this rabbit hole go? Just remember to keep following that white rabbit neo!
Sir expecting more siem lab tutorials❤
#TeamSC
Am I the only one not getting alerts? I set up the alerts and everything exactly as the video states and I have yet to get an alert or email from performing a Nmap scan
Hell yes gerry guy, i’m doing this soon
Don't do anything soon. if you want to do something put a date on it. Soon to some software devs is 2.5 years of soon.
Thank you.
You're welcome!
Thank you for this tutorial ❤
question on installing, when installing Kali, am i installing Vmware or virtualbox? i already have oracle vm virtualbox?
Is anyone else having trouble setting that "Easy Lab" setup? On the "Install Elastic Agent" step I keep getting a stall and it states "Confirm agent enrollment" "Listening for agent" and there's an infinite scrolling wheel. I asked Chatgpt and it states my settings are probably misconfigured. If anyone has any suggestions or know the fix I will greatly appreciate it.
There goes my weekend. 😂Let’s go!! #TeamSC
is elastic lab actually used in a professional setting or just for testing and building home labs?
My fleet agent is not getting connected and the status is showing "listening" but not getting confirmed..What might be the problem please help me
the only issue i had i could not find custom query in my options :/
I followed every step to a T yet when I set up an email alert for "sudo -sv localhost" and ran the command line I get no email? Any tips on this?
I also had an issue getting the email to fire. Suggest using a web book and validating the alert is firing to try and isolate the issue
The process.args: nmap logs are not showing up on ES. I did everything just like the video up to that point. I've been stuck with this issue for several days now...
I had the same issue. It turns out, when I installed the Elastic agent, I didn't finish the process by adding the integration, and confirming incoming data. The remaining two steps are on the same page as the Elastic agent install.
Thank you@@Kaiomonchi
not able to see nmap details , do we need to setup anything on ES to read
I had the same issue. It turns out, when I installed the Elastic agent, I didn't finish the process by adding the integration, and confirming incoming data. The remaining two steps are on the same page as the Elastic agent install.
Great video! Late comment but, how long does the free version can be used?
It’s been a minute but I think 7 or 14 days. I can’t recall but enough you can make it happen in a weekend
What do you use to highlight and make the arrow?.
Zoom it by by systernals. It’s in Microsoft website. It’s awesome
siiiixkkkkkk
Do Something with wazuh
how did you get the email to fire off at 9:13? In the video it looks like it was cut off and i didn't get to see exactly what you did.
Thx for asking. I didn’t get the email and couldn’t troubleshoot it for the video. I thought I left a comment in there saying the email didn’t arrive but I guess it didn’t make the final vid. I would set it up w web hooks if I’m being practical since it’s more flexible and you would see it in practice (fire off a slack msg for example)
Slack is awsome for this because its so easy to set up a slack instance and then view the alerts on say your phone.
Having trouble doing with a Mac. I know it has to do with the linux distribution.
89
I'm having trouble getting the rule for Nmap. I can get process.args:, but nap doesn't show up for me. Please advise.
same here
I couldn't get past the Elastic install point
I'm wondering if its possible to build this lab on prem (vs using the cloud)?
It is, but you need more hardware and configuration. Check out graylog or ELK stacks.
Remarkable Man, Thanks, but slow down a bit. Are you in a rush or something else?
This is good for people that are starting with Cybersecurity or prior "experience"/background is necessary?
No experience is needed to setup, but prior knowledge is needed to know what you’re looking at and what it means in the siem. Mostly networking and operating system prior knowledge
I'm back and ready to spend time to learn and earn experience. Currently starting my major in cybersecurity and want to earn experience at the same time to build my resume.
Maybe it worked before but doesn’t work anymore. Doesn’t installs
Who's actually been able to get this SIEM to work? I haven't. After a successful agent install and nmap scans, nothing is being reported to the Logs about the scans.
Even i am having trouble seeing the logs. But if you go to discover you will find timestamps of the data, and that means the thing is working
@@eshajadoun5743 I'm glad to see that I'm not the only person who was having trouble and it wasn't just a newbie mistake but Yeah, I've just been messing around with it and setup a Kali VM and Windows VM as well as a honeypot and I've been seeing data being ingested over the last couple of days.
same here. Have you been able to figure out the solution? Thanks in advance
@@giangphamngocchau8516 Hi, I never finished "this" lab but I did pay for the course and the course is worth it.
I had the same issue. It turns out, when I installed the Elastic agent, I didn't finish the process by adding the integration, and confirming incoming data. The remaining two steps are on the same page as the Elastic agent install.
This is very interesting, but you really talk fast.
Nah! Sorry “Doc” lol, anyone in 2024 thinking it’s a good idea sticking with ES is an idiot or is selling licenses. They screwed the pooch dude going that route. Folks, you can do this and more with 100% FOSS. Plenty of OSS SIEMs and log management the whole stack, etc. The list is huge. Why would you use ES for this in a lab? Beats me.
The ease of setup lowers the barrier to entry for learning. Maybe not a great solution for enterprise or long term (i'm not sure what evaluation you are basing your assessment on), but for a student lab and learning quickly, i think its a good fit.
I find Wazuh ideal for this scenario, and it can be completely on-premise. Fantastic documentation too!
Enterprise is far more complex with understanding data classification and policies to allow the use to send this type of data to the provider (in this case ES). Sure for a homelab and getting an idea of how a SIEM is suppose to work is an accurate point, but using this "as a point on your resume" is a bit of a stretch.
Perfectly Curated
A lot of people don't know what SIEM is, so won't click your vid, dood.
Thx. When ppl learn what a siem is and then need skills on one the video will be here waiting for them.
@@SimplyCyber I watched. I appreciate the fast info-packed video. Learned a lot in 13 minutes. Great job. :)
I think if someone is here and doesn't know what's SIEM, he's in the wrong place.
Those who would be interested and capable of doing so, do know what SIEM is...
He is literally explaining it in the video and you click on stuff your interested in so whats your point