This document discusses using a SIEM (Security Information and Event Management) solution to detect cyber threats in real-time or from historical data. It describes setting up a SIEM solution in a home lab to integrate various components that provide security information and event management. The goal is to discover the best way to detect threats on networks using artificially intelligent SIEM tools by analyzing data logs and enabling threat hunting and forensics.
Contents
1. PROBLEM STATEMENT AND PURPOSE - 3
2. INTRODUCTION - 4-5
3. TOPOLOGY - 6-7
4. SOC OPERATIONS PROCESS - 8
5. DEMO - 9
6. SOAR - 2
Problem and Purpose
The Purpose: It is really challenging for organizations to prevent threats and malicious behavior on Cloud networks. This increases the need for frequent analysis of data logs for Threat Hunting and Forensics.
Problem: The main problem is that attackers are continuously changing their behavior, which makes it hard to detect anomalies with the existing systems.
This project aims to discover the best possible way to detect cyber threats on neural networks in real-time or on historical data by making use of artificially intelligent Security Information and Event Management (SIEM) solutions.
INTRODUCTION
● A SIEM (Security Information and Event Management) solution consists of a number of components that together provide Security Information Management (SIM) and Security Event Management (SEM).
● In this project, we have tried to integrate a SIEM solution in our home lab.
● This project aims to discover the best possible way to detect cyber threats on neural networks in real-time or on historical data by making use of artificially intelligent Security Information and Event Management (SIEM) solutions.
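The SIM/SEM split described above can be illustrated with a small Python pipeline. This is an added example, not code from the project or its home lab: the SIM side normalizes raw log lines into uniform event records, and the SEM side runs a correlation rule over them (several authentication failures from one source against one host inside a time window, followed by a success from that same source). The log lines, host names, IP addresses, the `LINE_RE`/`AUTH_RE` patterns and the `threshold`/`window` parameters are all constructed here for the demonstration.

```python
"""Minimal SIEM-style pipeline: normalise raw log lines (the SIM side) and
run a correlation rule over the normalised events (the SEM side)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in syslog/sshd style (not captured from any real host).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51111 ssh2
2024-03-01T10:00:03 host1 sshd[2002]: Failed password for root from 203.0.113.7 port 51112 ssh2
2024-03-01T10:00:05 host1 sshd[2003]: Failed password for root from 203.0.113.7 port 51113 ssh2
2024-03-01T10:00:06 host1 sshd[2004]: Failed password for root from 203.0.113.7 port 51114 ssh2
2024-03-01T10:00:09 host1 sshd[2005]: Accepted password for root from 203.0.113.7 port 51115 ssh2
2024-03-01T10:01:00 host2 sshd[3001]: Failed password for alice from 198.51.100.9 port 40000 ssh2
2024-03-01T10:05:00 host2 sshd[3002]: Accepted publickey for alice from 198.51.100.9 port 40001 ssh2
2024-03-01T10:06:00 host1 kernel: [12345.678] eth0: link up
"""

# Assumed line layout: "<iso timestamp> <host> <program>[pid]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Assumed sshd authentication message layout
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def normalize(raw: str) -> list[dict]:
    """SIM side: turn raw text lines into uniform event records."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are dropped here; a real SIEM would count them
        ev = {
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "prog": m["prog"],
            "category": "other",
        }
        a = AUTH_RE.match(m["msg"])
        if a:
            ev.update(
                category="auth",
                outcome="failure" if a["outcome"] == "Failed" else "success",
                user=a["user"],
                src=a["src"],
            )
        events.append(ev)
    return events


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=2)):
    """SEM side: alert when one source accumulates `threshold` auth failures
    against a host inside `window` and then succeeds against that same host."""
    alerts = []
    failures = defaultdict(list)  # (host, src) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] != "auth":
            continue
        key = (ev["host"], ev["src"])
        # keep only the failures that are still inside the sliding window
        failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["outcome"] == "failure":
            failures[key].append(ev["ts"])
        elif len(failures[key]) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "host": ev["host"],
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(failures[key]),
                "ts": ev["ts"].isoformat(),
            })
            failures[key].clear()
    return alerts


def run(raw: str = SAMPLE_LOGS) -> list[dict]:
    """Full pipeline: normalise, then correlate. Returns the list of alerts."""
    return correlate_bruteforce(normalize(raw))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed sample, only host1/203.0.113.7 fires the rule (four failures, then a success as root); the single failure against host2 never reaches the threshold, and the later success there falls outside the two-minute window anyway. The window and threshold are the knobs an analyst tunes to trade false positives against missed detections.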