ANT7002

Designing and Building an Industrial SIEM System

Duration of training: 3 days


course description

This course enables participants to learn how to design and implement SIEM systems to enhance the capabilities of a corporate security operations function within an industrial environment: continuously monitoring the company's security posture and tracking KRIs, aggregating incident data, automatically detecting anomalies within the overall flow of information system events, and more. The practical component of the course is built around OpenSearch; however, the majority of the material is equally applicable to commercial closed-source SIEM solutions such as QRadar, Splunk, and FortiSIEM.

course audience

Cybersecurity analysts and specialists involved in the operation of Security Operations Centers (SOC).

prerequisites

Knowledge at the level of courses ANT0000, ANT0041, and ANT-ICS101 is required. Knowledge at the level of courses ANT0012, ANT0701, and ANT0401 is recommended.

how education works

online course

The online course consists of group classes with an instructor via video conferencing, plus homework and an exam.

for corporate clients

Training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.


course program

• Operational cybersecurity processes and objectives.
• Classification and sources of cybersecurity events.
• Monitoring challenges in cybersecurity.
• "Tactical" and "Forensic" approaches to SIEM design.
• Standard cybersecurity event processing workflows.
• SIEM as an approach to cybersecurity monitoring.
• Event generation on industrial infrastructure devices.
• Delivering events generated by PLC controllers.
• Delivering events generated by HMI and SCADA systems.
• Delivering events generated by industrial network devices.
• Generating simple alerts upon detection of specific events.
• Generating baselining alerts: thresholding and windowing.
• Anomaly detection within the cybersecurity event stream.
• Generating alerts using event correlation rules.
• The operational logic of correlation engines.
• Leveraging Threat Intelligence to extend SIEM capabilities.
• Building a data processing pipeline.
• Constructing a data processing platform using OpenSearch as an example.
• Structured query languages. Kibana Query Language.
• A practical example of building a "tactical" SIEM system using OpenSearch.

course purchase options

individual

Cost — $1,549.15

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

To confirm course dates, fill out the form.


corporate

Cost from $1,549.15

To obtain information about the final cost and clarify the date of the course, please fill out the form.
