Course Outline
Open-Source SIEM Sovereignty
- Why cloud SIEMs create compliance and cost risks for log retention.
- Wazuh architecture: server, indexer, dashboard, and agents.
- Comparison with Splunk, Sentinel, Elastic Security, and QRadar.
Deployment and Architecture
- Single-node and distributed deployment patterns.
- Docker Compose and Kubernetes manifests.
- Hardware sizing: CPU, RAM, disk IOPS for log ingestion.
- Certificate and TLS configuration for component communication.
Agent Management
- Installing agents via packages, Ansible, or GPO.
- Agent enrollment, key exchange, and group assignment.
- Agentless monitoring via syslog, AWS S3, or API polling.
- Agent upgrade strategies across large fleets.
Detection Engineering
- Decoders and rules for log parsing and event extraction.
- MITRE ATT&CK mapping for rule categories.
- File integrity monitoring (FIM) and rootkit detection.
- Custom rules with XML and YAML syntax.
- Threat intelligence integration: MISP, VirusTotal, and AlienVault.
Incident Response and Automation
- Active response: firewall blocking, account disable, process kill.
- SOAR integration with Shuffle, n8n, or custom webhooks.
- Alert correlation and multi-stage attack chaining.
- Case management and evidence preservation.
Compliance and Reporting
- PCI-DSS, HIPAA, GDPR, and NIST control mapping.
- Policy monitoring for password strength, encryption, and patching.
- Scheduled report generation and export.
- Audit trail integrity and tamper detection.
Dashboards and Visualization
- Wazuh dashboard customisation and widget creation.
- Grafana integration for advanced visualizations.
- Kibana compatibility for legacy Elastic deployments.
- Executive and operational SOC views.
Maintenance and Scaling
- Indexer shard management and hot-warm-cold archiving.
- Log retention policies and legal hold procedures.
- Disaster recovery and cluster rebuild.
Requirements
- Intermediate Linux and Windows system administration.
- Understanding of SIEM concepts: correlation, alerting, and log aggregation.
- Experience with the Elastic Stack or OpenSearch.
Audience
- Security operations centers replacing commercial SIEM.
- Compliance teams needing on-premise log retention.
- Government agencies requiring sovereign threat detection.
21 Hours
Custom Corporate Training
Training solutions designed exclusively for businesses.
- Customised Content: We adapt the syllabus and practical exercises to the real goals and needs of your project.
- Flexible Schedule: Dates and times adapted to your team's agenda.
- Format: Online (live), In-company (at your offices), or Hybrid.
Price per private group, online live training, starting from £4800 + VAT*
Contact us for an exact quote and to hear our latest promotions
Testimonials (3)
The trainer was helpful.
Attila - Lifial
Course - Compliance and the Management of Compliance Risk
Lab exercise
Tse Kiat - ST Engineering Training & Simulation Systems Pte. Ltd.
Course - Automated Monitoring with Zabbix
learning about Basel