This blog is all about Cyber Security and IT

Wednesday, March 29, 2023

How to Study Cyber SOC at home in 2023

Below is the complete guide to help you study cyber SOC at home.

Let's install a SIEM first:

There are various SIEMs on the market, such as QRadar, Graylog, ELK, Splunk and SumoLogic, but we will use QRadar as the example.

Download >
Install >

All material you need:- 

If you encounter any of these issues below, I've collected the solutions.

. Install WinCollect Agent another way

. Send Linux logs to QRadar

. No Log Activity | QRadar CE

. No Log Activity | QRadar Code

. Log source problem

. Modify maximum log size using Group Policy

. Basic rule and use case creation in QRadar SIEM

✔️ Don't forget to generate an authentication token from AS and enter it in the WinCollect Agent when you install it

✔️ Where to get logs and events from Windows, Linux, DB, etc.:
 . DSM Configuration Guide

Does it work? Great! That is a mini SOC. Document it somewhere and link it to your resume. 🙏

------> Additional steps: <------

- Increase log visibility (enable PowerShell logging and Script Block logging, install Sysmon, etc.)

- Install extra tools to get more visibility, e.g. BLUESPAWN, DeepBlueCLI, Suricata, Zeek, RITA (all are on GitHub)

- Test your setup! Be the bad guy and try to catch yourself (WinPwn, Atomic Red Team, Caldera; again, check out GitHub)

- If needed, improve your SIEM with matching alert rules and build dashboards (ideas? look at the Sigma rules on GitHub)
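As an added example that is not part of the original post, here is how a Sigma-style alert rule can be turned into detection logic and checked against constructed PowerShell events before you build it in the SIEM; the rule, field names and sample records are assumptions (not an official Sigma rule and not QRadar's rule engine). It also shows why the Script Block logging step matters: a 4103 module-logging record carries no script text and can never trigger a script block rule.

```python
# Constructed rule in Sigma's detection style (not an official Sigma rule): the selection
# catches 4104 script blocks that decode base64, the filter excludes one known admin script.
RULE = {
    "title": "PowerShell script block decoding base64 content",
    "logsource": {"product": "windows", "service": "powershell"},
    "detection": {
        "selection": {"EventID": 4104,
                      "ScriptBlockText|contains": ["FromBase64String", "-EncodedCommand"]},
        "filter": {"Path|endswith": "\\Trusted\\backup.ps1"},
        "condition": "selection and not filter",
    },
}
# Sigma value modifiers this matcher understands; comparisons are case-insensitive like Sigma
MODIFIERS = {"contains": lambda v, p: p in v,
             "startswith": lambda v, p: v.startswith(p),
             "endswith": lambda v, p: v.endswith(p)}

def field_matches(event, key, pattern):
    """Evaluate one 'Field|modifier': pattern entry; a list of patterns is OR-ed like Sigma."""
    field, _, mod = key.partition("|")
    if field not in event:
        return False
    patterns = pattern if isinstance(pattern, list) else [pattern]
    if not mod:  # no modifier means exact match
        return event[field] in patterns
    return any(MODIFIERS[mod](str(event[field]).lower(), str(p).lower()) for p in patterns)

def block_matches(event, block):
    """Every field entry in a selection/filter block must match (Sigma AND semantics)."""
    return all(field_matches(event, k, p) for k, p in block.items())

def rule_matches(event, rule=RULE):
    """Supports only the common 'selection and not filter' condition form."""
    det = rule["detection"]
    excluded = "filter" in det and block_matches(event, det["filter"])
    return block_matches(event, det["selection"]) and not excluded

def alerts(events, rule=RULE):
    """RecordIds that would raise an offense for this rule."""
    return [e["RecordId"] for e in events if rule_matches(e, rule)]

# Constructed sample records shaped like normalised PowerShell events; record 4 is a 4103
# module-logging event, which carries no ScriptBlockText and so can never hit this rule
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4104, "Path": "C:\\Users\\bob\\AppData\\Local\\Temp\\run.ps1",
     "ScriptBlockText": "$d = [Convert]::FromBase64String($x)"},
    {"RecordId": 2, "EventID": 4104, "Path": "C:\\Scripts\\Trusted\\backup.ps1",
     "ScriptBlockText": "[Convert]::FromBase64String($blob) | Set-Content backup.bin"},
    {"RecordId": 3, "EventID": 4104, "Path": "C:\\Scripts\\health.ps1",
     "ScriptBlockText": "Get-Process | Sort-Object CPU -Descending"},
    {"RecordId": 4, "EventID": 4103, "Payload": "CommandInvocation(Get-Date)"},
]
```

Running `alerts(SAMPLE_EVENTS)` flags only record 1: record 2 is dropped by the filter, record 3 has nothing suspicious, and record 4 lacks the script block field entirely.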
