What you’ll learn (from the course website)
Many organizations have logging capabilities but lack the people and processes to analyze them.
In addition, logging systems collect vast amounts of data from a variety of sources, and each source must be understood before its logs can be analyzed properly.
This class is designed to provide training, methods, and processes for enhancing existing logging solutions.
This class will also provide an understanding of the when, what, and why behind the logs.
This is a lab-heavy course that uses SOF-ELK, a SANS-sponsored free SIEM solution, to give hands-on experience and build the mindset needed for large-scale data analysis.
Today, security operations do not suffer from a “Big Data” problem but rather a “Data Analysis” problem.
Let’s face it, there are multiple ways to store and process large amounts of data without any real emphasis on gaining insight from the information collected.
Added to that is the daunting idea of an infinite list of systems from which one could collect logs.
It is easy to get lost in the perils of data saturation.
This class is the switch from the typical churn-and-burn log systems to achieving actionable intelligence and developing a tactical Security Operations Center (SOC).