Chronicle SIEM Fundamentals (CH_SIEM)


Who should attend

Individuals who need a basic introduction to Chronicle SIEM

Prerequisites

Basic knowledge of what SIEM and SOAR are

Course Objectives

Explore the essentials of Chronicle, a powerful Security Information and Event Management (SIEM) solution offered as a cloud service on the robust Google infrastructure. The Chronicle Fundamentals course provides an in-depth overview of the key functionalities, data analysis capabilities, and security aspects of Chronicle SIEM.

  • Chronicle Access – Role-Based Access Control (RBAC) in Chronicle. Why audit logging is important and how to enable it in your Chronicle instance.
  • Learn about Raw Log Search and UDM Search, and how to use Search for investigation.
  • Chronicle Data Onboarding: forwarders, feed management, ingestion API, and direct ingestion.
  • Introduction to Chronicle Parsers – What a parser is, versioning, and parser extensions.
  • Walkthrough of Chronicle Curated Detection rules.
  • Navigating Alerts using the Alert Graph: Entity data, related alerts, alert context.
  • Learn about Entity data – Data enrichment in Chronicle, Entity types (Users & Assets), Resources, Geo IP Enrichment.
  • Advanced Search Capabilities: Reference Lists, Group Fields, Pivot, Search for Alerts.
  • Parsing data in Chronicle – What parsers are and how to manage them: parser updates, versioning, parser extensions.
  • Building rules for Chronicle: YARA-L 2.0 syntax, Rules UI, single-event rules, multi-event rules, using entity data in rules, Outcomes, Functions & Lists, best practices.
  • Building dashboards in Chronicle.

Course Content

  • Module 1: Chronicle Access
  • Module 2: Searching with Chronicle – Hands-On: Raw Log & UDM Search
  • Module 3: Chronicle Data Onboarding – Hands-On: Collect Linux Syslog
  • Module 4: Parsing Data in Chronicle
  • Module 5: Curated Detections
  • Module 6: Visualizing Alerts with Chronicle – Hands-On: Navigating and Reviewing using the Alert Graph
  • Module 7: Entity Graph – Hands-On: Search – Asset/User Enrichment
  • Module 8: Advanced Searching with Chronicle – Hands-On: Advanced Search
  • Module 9: Building Rules for Chronicle – Hands-On: Building Rules
  • Module 10: Visualizing Alerts (Advanced)
  • Module 11: Entity Graph (Advanced)
  • Module 12: Visualizing Data in Chronicle – Hands-On: Building a Dashboard in Chronicle

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • on request

Classroom Training

Duration
3 days

Price
  • on request

Schedule

English


Israel

Tel Aviv – Guaranteed date
Guaranteed date: We will carry out all guaranteed training regardless of the number of attendees, except in cases of force majeure or other unexpected events, such as accidents or illness of the trainer, which prevent the course from being conducted.