I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SIEM on my home network so I can be used to it’s operations and how it works by the time I start messing with Pentesting stuff. Then I’m going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I’d rather be as close to “baby’s first SIEM” as possible or at least have a robust how-to guide.
What do you suggest?
Grafana Loki is very light on resources and simple to deploy in most cases.
Combine with Sigma detection rules (converted to LogQL queries using the Loki plugin) and you’re off to the races.
SEIM? Do you mean SIEM, Secure Information and Event Management?
Yes! Gods damn it. I had that up an everything on my second monitor.
I suggest skipping the devops part and instead starting with a course. If you go with setting it up you will probably spend 95% of the time doing devops and not security (which is usually the client of the devops team that maintains the SIEM)
Got any recs? I can generally talk my company into paying for most anything education wise, but Udemy style courses work with my ADHD the best.
Nothing that comes to mind, but simple search of the SIEM you are going to use in youtube and pirate bay should provide some good starters
Wazuh is popular. It’s in use by name brand companies, FOSS and relatively turnkey.
Wazuh if you want a product instead of building it from scratch.
I’d give Greenbone a try too, I think it’s most analogous to Nessus.
