📊 SIEM (Security Information & Event Management)
📖 What is SIEM?
SIEM (Security Information and Event Management) is a technology that provides real-time analysis of security alerts generated by applications, network devices, and systems.
It helps security analysts detect, investigate, and respond to threats efficiently by collecting logs, correlating events, and visualizing security data.
📌 Modules Completed
- Intro to SIEM
- Investigating with ELK101
- ItsyBitsy (Splunk)
- Splunk Basics
- Incident Handling with Splunk
- Investigating with Splunk
- Benign
🎯 Skills Gained
- Understanding SIEM architecture and log ingestion
- Writing detection queries in Splunk & ELK
- Building dashboards for log analysis
- Handling security incidents in Splunk
📑 Case Studies
-
Investigating with ELK 101
Built queries and dashboards to analyze authentication logs and detect anomalies.
Read Full Case Study → -
ItsyBitsy (Splunk) Investigation
Conducted hands-on analysis using Splunk to identify suspicious events and patterns.
Read Full Case Study → -
Incident Handling with Splunk
Performed end-to-end incident investigation, including detection, analysis, and reporting.
Read Full Case Study → -
Investigating with Splunk
Executed detailed investigations on specific scenarios, such as brute-force attempts and unauthorized access.
Read Full Case Study →
✅ Lessons Learned
- SIEMs centralize log analysis for real-time detection
- Splunk provides powerful search capabilities for incident response
- ELK stacks are flexible but require tuning for efficiency
- Practical investigations improve understanding of alert triage and incident workflows
🔗 Navigation
- Back to Portfolio Home