Uploaded byPutraChandra7
PPTX, PDF115 views

KS - Introduction to System Information and Security Management (SIEM).pptx

The document provides an overview of Security Information and Event Management (SIEM) and its importance in cybersecurity, outlining the roles of red teams and blue teams in managing security threats. It describes various security standards organizations can adopt and emphasizes the benefits of using SIEM tools, such as real-time threat detection and regulatory compliance. The document also introduces the Wazuh SIEM tool, detailing setup instructions and additional security tools relevant to maintaining cybersecurity.

Embed presentation

Download to read offline
Introduction to System Information and Security Management (SIEM) PT Flexi Integrasi Digdaya © 2024
Pahrial MS ● CompTIA PenTest+ ce ● Microsoft Certified Trainer ● Certified OpenStack Administrator
1. Security Team 2. Security Standard 3. What is SIEM? 4. Why use SIEM? 5. Wazuh SIEM Tool Agenda System Information and Security Management (SIEM)
Security Team Red Team vs Blue Team
Red Team The red team is made up of offensive security experts who try to attack an organization’s cybersecurity defenses. Example Task: 1. Penetration testing to which help to find vulnerabilities before bad guy doing it 2. Social Engineering to manipulate others to give information and credentials Reference: https://www.crowdstrike.com/cybersecurity-101/red-team-vs-blue-team/
Blue Team The blue team defends against and responds to the red team attack or from real attack. Example Task: 1. Create security strategy across people, tools, and technology 2. Analyze system to identify dangerous treats and give quick response accordingly 3. Hardening system to reduce attack surface 4. Incident response to recover from security breach Reference: https://www.crowdstrike.com/cybersecurity-101/red-team-vs-blue-team/
Security Standard
Security Standards An organization can create their own security standards or rely on existing ones: 1. Center for Internet Security Benchmarks (CIS Benchmarks) 2. National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53) 3. Payment Card Industry Data Security Standard (PCI DSS) 4. General Data Protection Regulation (GDPR) 5. Health Insurance Portability and Accountability Act (HIPAA)
System Information and Security Management (SIEM)
What is SIEM? Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. Reference: https://www.microsoft.com/en-us/security/business/security-101/what-is-siem
Why use SIEM? SIEM tools offer many benefits that can help strengthen an organization’s overall security posture, including: ● A central view of potential threats ● Real-time threat identification and response ● Advanced threat intelligence ● Regulatory compliance auditing and reporting ● Greater transparency monitoring users, applications, and devices Reference: https://www.microsoft.com/en-us/security/business/security-101/what-is-siem
About Wazuh Wazuh delivers robust security monitoring and protection for your IT assets using its Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) capabilities.
Hands-on Lab
Overview 1. Setup single Wazuh Server 2. Setup Wazuh Agent
Setup single Wazuh server curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
Setup Wazuh agent curl -o wazuh-agent-4.7.4-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.4-1.x86_64.rpm && sudo WAZUH_MANAGER='192.168.113.164' rpm -ihv wazuh-agent-4.7.4-1.x86_64.rpm sudo systemctl daemon-reload sudo systemctl enable wazuh-agent sudo systemctl start wazuh-agent
Access POC Environment Kemkes https://192.168.113.164 Username: admin Password: Z4EkQh1JZ0dAMfLrgx39NpNV1Qy? 1Qu2
Additional Content
Security Tools ● ClamAV - Multiplatform Antivirus ● Harbor - Container Registry with Container Image Scanning
Security in Development - DevSecOps - Software Composition Analysis (SCA) - Static Application Security Testing (SAST) - Dynamic Application Security Testing (DAST) - Container Image Scanning

More Related Content

PPTX
Security Information Event Management - nullhyd
byn|u - The Open Security Community
 
PPTX
SIEM Primer:
byAnton Chuvakin
 
PDF
What is SIEM? A Brilliant Guide to the Basics
bySagar Joshi
 
PPTX
SIEM - Your Complete IT Security Arsenal
byManageEngine EventLog Analyzer
 
PPTX
Siem tools-monitor-your-network
byhardik soni
 
PPTX
Understanding SIEM Services By Cyber Cops
byCyber Cops
 
PDF
SIEM.pdf
byssuser0c1819
 
PPTX
SORT OUT YOUR SIEM
bySecureData Europe
 
Security Information Event Management - nullhyd
byn|u - The Open Security Community
 
SIEM Primer:
byAnton Chuvakin
 
What is SIEM? A Brilliant Guide to the Basics
bySagar Joshi
 
SIEM - Your Complete IT Security Arsenal
byManageEngine EventLog Analyzer
 
Siem tools-monitor-your-network
byhardik soni
 
Understanding SIEM Services By Cyber Cops
byCyber Cops
 
SIEM.pdf
byssuser0c1819
 
SORT OUT YOUR SIEM
bySecureData Europe
 

Similar to KS - Introduction to System Information and Security Management (SIEM).pptx

PPTX
Security Information and Event Management (SIEM)
byk33a
 
PPTX
SOC and SIEM.pptx
bySandeshUprety4
 
PPTX
Introduction to SIEM.pptx
byneoalt
 
PDF
SIEM evaluator guide for soc analyst
byInfosecTrain
 
PPTX
SIEM - Activating Defense through Response by Ankur Vats
byOWASP Delhi
 
PPTX
Is SIEM really Dead ? OR Can it evolve into a Platform ?
byAujas
 
PPTX
Security Information Event Management Security Information Event Management
bykarthikvcyber
 
PDF
Cybersecurity Series SEIM Log Analysis
byJim Kaplan CIA CFE
 
PPTX
Beginner's Guide to SIEM
byAlienVault
 
PPTX
What is SIEM
byPatten John
 
PPTX
SIEM : Security Information and Event Management
bySHRIYARAI4
 
PPTX
Tips on SIEM Ops 2015
byAnton Chuvakin
 
PPTX
IBM i Security SIEM Integration
byPrecisely
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
PPTX
RuSIEM overview (english version)
byOlesya Shelestova
 
PDF
The SIEM Buyer Guide the siem buyer guide
byroongrus
 
PDF
Ijetr042329
byEngineering Research Publication
 
PPTX
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
byAndris Soroka
 
DOCX
Security information event management
byJhoni Guerrero
 
PDF
Securign siem for small business
byRajul Sthapak
 
Security Information and Event Management (SIEM)
byk33a
 
SOC and SIEM.pptx
bySandeshUprety4
 
Introduction to SIEM.pptx
byneoalt
 
SIEM evaluator guide for soc analyst
byInfosecTrain
 
SIEM - Activating Defense through Response by Ankur Vats
byOWASP Delhi
 
Is SIEM really Dead ? OR Can it evolve into a Platform ?
byAujas
 
Security Information Event Management Security Information Event Management
bykarthikvcyber
 
Cybersecurity Series SEIM Log Analysis
byJim Kaplan CIA CFE
 
Beginner's Guide to SIEM
byAlienVault
 
What is SIEM
byPatten John
 
SIEM : Security Information and Event Management
bySHRIYARAI4
 
Tips on SIEM Ops 2015
byAnton Chuvakin
 
IBM i Security SIEM Integration
byPrecisely
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
RuSIEM overview (english version)
byOlesya Shelestova
 
The SIEM Buyer Guide the siem buyer guide
byroongrus
 
Ijetr042329
byEngineering Research Publication
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
byAndris Soroka
 
Security information event management
byJhoni Guerrero
 
Securign siem for small business
byRajul Sthapak
 

Recently uploaded

PPTX
ENDNOTE refrencing how to do step by step..
byhumairasohaib19
 
PDF
OFFENSIVE OPERATIONS : THE ANATOMY OF A NETWORK TAKEOVER
byBangladesh Network Operators Group
 
PDF
Cybrain Software Solutions – Building Future-Ready Digital Tools
byCybrain Software Solutions
 
PPT
INTRODUCTION_TO_SOFTWARE_APPLICATION.pptx
byMESFINBELAY4
 
PPTX
ARCHITECTURESACGCHCIUOHCOHCSAKJCOQKCHUO.pptx
bymchlrdpc2921
 
PDF
Automating ISP Networks Using Ansible and IPAM as a Source of Truth [SoT]
byBangladesh Network Operators Group
 
PDF
DNSSEC Implementation Journey at Prime Bank’s Domain
byBangladesh Network Operators Group
 
PPTX
BTCFi on Starknet,Troves.fi offers automated strategies for Bitcoin users on ...
bytrovesfi
 
PPTX
Passive Presentation pasdskpasdasdasdasf
byNoOne501682
 
PPTX
AI Presentation it all about what is ai and how to implement in real life
byshraddhasule1710
 
PDF
A La Recherche Du Temps Perdu: In Search of the Cozy Web
byJen Looper
 
PDF
A Day in the Life of IPv6 Scanning by Matsuzaki ʻmazʼ
byBangladesh Network Operators Group
 
PPTX
evolution of internet (internet journey)
byyamunadevi49
 
PPTX
Facebook: How to Maximize for Everyday Business
byLP3I Surabaya
 
PPTX
MEANING OF EMOJIS OF SOCIAL MEDIA - RUKUNDO Emmanuel..pptx
bysongsormusics
 
ENDNOTE refrencing how to do step by step..
byhumairasohaib19
 
OFFENSIVE OPERATIONS : THE ANATOMY OF A NETWORK TAKEOVER
byBangladesh Network Operators Group
 
Cybrain Software Solutions – Building Future-Ready Digital Tools
byCybrain Software Solutions
 
INTRODUCTION_TO_SOFTWARE_APPLICATION.pptx
byMESFINBELAY4
 
ARCHITECTURESACGCHCIUOHCOHCSAKJCOQKCHUO.pptx
bymchlrdpc2921
 
Automating ISP Networks Using Ansible and IPAM as a Source of Truth [SoT]
byBangladesh Network Operators Group
 
DNSSEC Implementation Journey at Prime Bank’s Domain
byBangladesh Network Operators Group
 
BTCFi on Starknet,Troves.fi offers automated strategies for Bitcoin users on ...
bytrovesfi
 
Passive Presentation pasdskpasdasdasdasf
byNoOne501682
 
AI Presentation it all about what is ai and how to implement in real life
byshraddhasule1710
 
A La Recherche Du Temps Perdu: In Search of the Cozy Web
byJen Looper
 
A Day in the Life of IPv6 Scanning by Matsuzaki ʻmazʼ
byBangladesh Network Operators Group
 
evolution of internet (internet journey)
byyamunadevi49
 
Facebook: How to Maximize for Everyday Business
byLP3I Surabaya
 
MEANING OF EMOJIS OF SOCIAL MEDIA - RUKUNDO Emmanuel..pptx
bysongsormusics
 

KS - Introduction to System Information and Security Management (SIEM).pptx

  • 1.
    Introduction to System Informationand Security Management (SIEM) PT Flexi Integrasi Digdaya © 2024
  • 2.
    Pahrial MS ●CompTIA PenTest+ ce ● Microsoft Certified Trainer ● Certified OpenStack Administrator
  • 3.
    1. Security Team 2.Security Standard 3. What is SIEM? 4. Why use SIEM? 5. Wazuh SIEM Tool Agenda System Information and Security Management (SIEM)
  • 4.
  • 5.
    Red Team The redteam is made up of offensive security experts who try to attack an organization’s cybersecurity defenses. Example Task: 1. Penetration testing to which help to find vulnerabilities before bad guy doing it 2. Social Engineering to manipulate others to give information and credentials Reference: https://www.crowdstrike.com/cybersecurity-101/red-team-vs-blue-team/
  • 6.
    Blue Team The blueteam defends against and responds to the red team attack or from real attack. Example Task: 1. Create security strategy across people, tools, and technology 2. Analyze system to identify dangerous treats and give quick response accordingly 3. Hardening system to reduce attack surface 4. Incident response to recover from security breach Reference: https://www.crowdstrike.com/cybersecurity-101/red-team-vs-blue-team/
  • 7.
  • 8.
    Security Standards An organizationcan create their own security standards or rely on existing ones: 1. Center for Internet Security Benchmarks (CIS Benchmarks) 2. National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53) 3. Payment Card Industry Data Security Standard (PCI DSS) 4. General Data Protection Regulation (GDPR) 5. Health Insurance Portability and Accountability Act (HIPAA)
  • 9.
  • 10.
    What is SIEM? Securityinformation and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. Reference: https://www.microsoft.com/en-us/security/business/security-101/what-is-siem
  • 11.
    Why use SIEM? SIEMtools offer many benefits that can help strengthen an organization’s overall security posture, including: ● A central view of potential threats ● Real-time threat identification and response ● Advanced threat intelligence ● Regulatory compliance auditing and reporting ● Greater transparency monitoring users, applications, and devices Reference: https://www.microsoft.com/en-us/security/business/security-101/what-is-siem
  • 13.
    About Wazuh Wazuh deliversrobust security monitoring and protection for your IT assets using its Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) capabilities.
  • 14.
  • 15.
    Overview 1. Setup singleWazuh Server 2. Setup Wazuh Agent
  • 16.
    Setup single Wazuhserver curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
  • 17.
    Setup Wazuh agent curl-o wazuh-agent-4.7.4-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.4-1.x86_64.rpm && sudo WAZUH_MANAGER='192.168.113.164' rpm -ihv wazuh-agent-4.7.4-1.x86_64.rpm sudo systemctl daemon-reload sudo systemctl enable wazuh-agent sudo systemctl start wazuh-agent
  • 18.
    Access POC EnvironmentKemkes https://192.168.113.164 Username: admin Password: Z4EkQh1JZ0dAMfLrgx39NpNV1Qy? 1Qu2
  • 19.
  • 20.
    Security Tools ● ClamAV- Multiplatform Antivirus ● Harbor - Container Registry with Container Image Scanning
  • 21.
    Security in Development- DevSecOps - Software Composition Analysis (SCA) - Static Application Security Testing (SAST) - Dynamic Application Security Testing (DAST) - Container Image Scanning