Chronicle SIEM Fundamentals (CSIEMF)

 

Who should attend

Individuals who need a basic introduction to Chronicle SIEM

Prerequisites

Basic knowledge about what is SIEM & SOAR

Course Objectives

Explore the essentials of Chronicle, a powerful Security Information and Event Management (SIEM) solution offered as a cloud service on the robust Google infrastructure. The Chronicle Fundamentals course provides an in-depth overview of the key functionalities, data analysis capabilities, and security aspects of Chronicle SIEM.

  • Chronicle Access – Role-Based Access Control (RBAC) in Chronicle. Why Audit logging is important and how to implement it in your Chronicle instance.
  • Learn about Raw Log Search and UDM Search, how to use Search for investigation.
  • Chronicle Data On Boarding: forwarders, feed management, ingestion API, and direct ingestion.
  • Introduction to Chronicle Parsers – What is a parser, versioning, and parser extension.
  • Walkthrough of Chronicle Curated Detection rules.
  • Navigating Alerts using the Alert Graph: Entity data, releted alerts, alert context.
  • Learn about Entity data – Data enrichment in Chronicle, Entity types (Users & Assets), Resources, Geo IP Enrichment.
  • Advanced Search Capabilities: Reference Lists, Group Fields, Pivot, Search for Alerts.
  • Parsing data in Chronicle – What are parsers and how can we manage them: Parser update, versioning, parser extensions.
  • Building rules for Chronicle: YARA-L 2.0 syntax, Rules UI, Single event rules, Multi-event rules, using entity data in rules, Outcomes, Functions & Lists, best practice.
  • Building dashboards in Chronicle.

Course Content

  • Module 1: Chronicle Access
  • Module 2: Searching with Chronicle
    Hands-On: Raw Log & UDM Search
  • Module 3: Chronicle Data On Boarding
    Hands-On: Collect Linux Syslog
  • Module 4: Parsing Data In Chronicle
  • Module 5: Curated Detections
  • Module 6: Visualizing Alerts With Chronicle
    Hands-On: Navigating and Reviewing using Alert Graph
  • Module 7: Entity Graph
    Hands-On: Search – Asset\User Enrichment
  • Module 8: Advance Searching With Chronicle
    Hands-On: Advanced Search
  • Module 9: Building Rules For Chronicle
    Hands-On: Building Rules
  • Module 10: Visualizing Alerts (Advance)
  • Module 11: Entity Graph (Advance)
  • Module 12: Visualizing Data in Chronicle Hands-On: Building Dashboard In Chronicle

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • on request
Classroom Training

Duration
3 days

Price
  • on request
 

Schedule

Instructor-led Online Training:   Course conducted online in a virtual classroom.

English

Time zone: Central European Time (CET)

Online Training Time zone: Central European Time (CET)