Security information and event management

These are notes and challenges on security information and event management (SIEM), vulnerability management, threat intelligence and management, and on threat hunting.

Threat hunting is complementary to the standard process of incident detection, response, and remediation, and is the practice of proactively searching for cyber threats that may be hidden in a network.

---

Testlab

• Security information and event management tools
• Threat intelligence tools
• Threat hunting tools
• Vulnerability management tools

---

Notes

• Introduction
• Incident prevention
• Threat intelligence lifecycle
• Pyramid of pain
• Cyber kill chain
• MITRE ATT&CK framework
• Unified kill chain
• Diamond model
• Incident handling (NIST)
• Standards of communication
• SIEM stack
• Threat hunting

---

Code

• Developing IPA project SIEM Stack

---

An investigation with Splunk

• Introduction
• I am really not batman
• Reconnaissance phase
• Exploitation phase
• Installation phase
• Action on objectives
• Command and control phase
• Weaponisation phase
• Delivery phase

---

TryHackMe rooms

• Introduction
• VPN logs
• ItsyBitsy
• Investigating with Splunk
• Benign
• CaddyWiper and APT37
• Zerologon

---

CyberDefenders challenges

• Introduction
• GrabThePhisher
• L’espion
• Intel101
• CaseVegas
• CyberCorp Case 2

---

Boss of the SOC v2

• Introduction
• Data dive
• Web activity investigation
• Detecting SQL and XSS web application attacks
• USB attack investigation
• Investigating FTP

---

Resources

• Introduction
• Threat maps
• Feeds
• Blogs
• Reports
• Marketplaces

---

Books