Setup and Manage a SIEM

Overview

A security information and event management (SIEM) system is a software solution that aggregates and analyzes activity from many resources across the business network and infrastructure. A SIEM provides real-time analysis of security alerts and data.

Use an open-source or trial license of a SIEM solution to set up, configure, and run the services provided by the software. Create a network of hosts, servers, and domain controllers which generate network activity and alerts. Monitor the alerts through the SIEM.
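The Python example below is an added illustration, not part of the original project brief and not code from any of the products listed. It shows the core job a SIEM does with such a lab: normalizing failed-logon events from different sources into one schema and correlating them across hosts. The host names, the JSON field names, and the threshold of three hosts within five minutes are assumptions made for the example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from a real network): two Linux hosts send sshd
# syslog lines; a domain controller sends a simplified JSON form of event 4625.
RAW_EVENTS = [
    "2024-05-01T10:00:05 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "2024-05-01T10:00:20 db01 sshd[412]: Failed password for admin from 203.0.113.7 port 50188 ssh2",
    '{"ts": "2024-05-01T10:00:41", "host": "dc01", "event_id": 4625, "user": "administrator", "src_ip": "203.0.113.7"}',
    "2024-05-01T10:01:10 web01 sshd[811]: Accepted password for alice from 198.51.100.4 port 40022 ssh2",
    "2024-05-01T10:30:00 db01 sshd[412]: Failed password for bob from 198.51.100.4 port 40100 ssh2",
]

SSHD_FAIL = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
                       r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port \d+")

def normalize(raw):
    """Map one raw record to a common schema, or None if it is not a failed logon."""
    if raw.startswith("{"):
        rec = json.loads(raw)
        if rec.get("event_id") != 4625:  # 4625 = Windows failed logon
            return None
        fields = {k: rec[k] for k in ("ts", "host", "user", "src_ip")}
    else:
        m = SSHD_FAIL.match(raw)
        if not m:
            return None
        fields = m.groupdict()
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields

def correlate(raw_events, min_hosts=3, window=timedelta(minutes=5)):
    """Alert when one source IP fails logons on >= min_hosts hosts within window."""
    by_ip = defaultdict(list)
    for ev in filter(None, map(normalize, raw_events)):
        by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in sorted(by_ip.items()):
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            hosts = {e["host"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts.append({"src_ip": ip, "hosts": sorted(hosts), "start": first["ts"]})
                break
    return alerts

if __name__ == "__main__":
    print(correlate(RAW_EVENTS))
```

No single host in the sample sees more than one failure from 203.0.113.7, so the pattern only becomes visible once the three sources are aggregated.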

Popular SIEM solutions:

  • Splunk Enterprise Security
  • IBM Security QRadar
  • SolarWinds Security Event Manager
  • OSSEC (open source)
  • AT&T AlienVault Unified Security Management

Project Recommendations

It is recommended that you have familiarity with the foundations of networking and computers, fundamental cybersecurity concepts and technologies, and the use of virtualization software / hypervisors, along with strong research skills.

Recommended Level

Intermediate

Project Author Credit: Grant C.