Read on Twitter
Day 4οΈβ£
Building the π Blue Team π course in public
Security Infrastructure Overview:
Building the π Blue Team π course in public
Security Infrastructure Overview:
For the Course, I have planned 3 sections
1. Active Directory (Setup / Monitoring / Attack Vectors)
2. Security Infrastructure (SIEM / SOC / IDS / VPN / Firewall etc)
3. External Servers/Services (Cloud / Webserver/-services / Container)
1. Active Directory (Setup / Monitoring / Attack Vectors)
2. Security Infrastructure (SIEM / SOC / IDS / VPN / Firewall etc)
3. External Servers/Services (Cloud / Webserver/-services / Container)
Our focus today is on Topic #2 - Security Infrastructure
The focus of the course is on SOC analysts (level 2) and those who want to become one
We will have to define what that means though:
The focus of the course is on SOC analysts (level 2) and those who want to become one
We will have to define what that means though:
Typically, SOC lvl 1 analysts are able to:
β’ detect threats with predefined rules and subsequently follow playbooks/SOPs
β’ forward cases/tickets to level 2 analysts
β’ document & summarize past incidents
β’ search internet/dark web for new TTPs / threats
we start exactly here
β’ detect threats with predefined rules and subsequently follow playbooks/SOPs
β’ forward cases/tickets to level 2 analysts
β’ document & summarize past incidents
β’ search internet/dark web for new TTPs / threats
we start exactly here
I assume if you want to take the course you are able to do those tasks, OR can learn quickly πββοΈ
We will:
β’ the creation of Standard Operating Procedures (SOPs) / Playbooks
β’ case software handling & setup
β’ log generation / ingestion
β’ SIEM setup from scratch & automation
We will:
β’ the creation of Standard Operating Procedures (SOPs) / Playbooks
β’ case software handling & setup
β’ log generation / ingestion
β’ SIEM setup from scratch & automation
β’ Rules / Alerts / Protection automation
β’ Network Setup / Segmentation / Analysis
β’ Intrusion Detection/Protection System setup
β’ Proxy setup
β’ VPN setup
β’ Hard-/Software firewalls and their setup
among others.
β’ Network Setup / Segmentation / Analysis
β’ Intrusion Detection/Protection System setup
β’ Proxy setup
β’ VPN setup
β’ Hard-/Software firewalls and their setup
among others.
Currently, the tech stack looks something like this:
SIEM - @wazuh
IDS - @snort / maybe suricata
proxy / local DNS - pihole / maybe @squidproxy
VPN - @wireguard or @OpenVPN
case management - @TheHive_Project or @Jira
firewall - opensense or pfsense
malware lab - flareVM, REMnux
SIEM - @wazuh
IDS - @snort / maybe suricata
proxy / local DNS - pihole / maybe @squidproxy
VPN - @wireguard or @OpenVPN
case management - @TheHive_Project or @Jira
firewall - opensense or pfsense
malware lab - flareVM, REMnux
@wazuh @snort @squidproxy @OpenVPN @TheHive_Project @Jira The idea is that most / all of the tools are available for free so if you need to set this up for a company you only have to pay for hosting/traffic/storage
We will go through the setup, configuration and use-cases
We will go through the setup, configuration and use-cases
@wazuh @snort @squidproxy @OpenVPN @TheHive_Project @Jira Question: Which tool / software would you want to see added?
@wazuh @snort @squidproxy @OpenVPN @TheHive_Project @Jira If you liked this thread
feel free to follow me @maikroservice for frequent updates on the course I am building
If you want to have updates with more text/pictures head to:
subscribepage.io/maikroservice-β¦
feel free to follow me @maikroservice for frequent updates on the course I am building
If you want to have updates with more text/pictures head to:
subscribepage.io/maikroservice-β¦
β’ β’ β’
Missing some Tweet in this thread? You can try to
force a refresh
γ
