Nextlink SIEM in AWS Workshop
Security Information and Event Management (SIEM) systems are monitoring solutions that aggregate data from security sources such as applications, infrastructure, networking, and more. They trigger alerts and present data so that security events can be analyzed in real time and threats detected.
Log analysis is an important task in threat detection, which enables forensics and real-time remediation of security events. In this workshop, we will build a security log analysis platform on Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) and get started with building a cost-efficient solution for log ingestion, analysis, and dashboarding.
SIEM on Amazon OpenSearch Service
OpenSearch Service is a fully managed service that makes it easy for you to deploy, secure, and run OpenSearch and OpenSearch Dashboards cost-effectively at scale. The functions required for SIEM in the OpenSearch Service environment can be deployed with AWS CloudFormation or the AWS Cloud Development Kit (AWS CDK).
The basic workflow: AWS service logs are delivered to an Amazon Simple Storage Service (Amazon S3) bucket, automatically ETL-processed, and loaded into the SIEM system running on OpenSearch Service. Once the logs are captured, you can visualize them on the dashboard and analyze correlations across multiple log sources.
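As an added example (not part of the workshop materials or of the SIEM on Amazon OpenSearch Service project), the following sketches what the ETL step between S3 and OpenSearch does: it gunzips a CloudTrail delivery object, normalizes each record into a flat document, and builds the NDJSON body for the OpenSearch `_bulk` API with one daily index per event date. The sample log, the field names and the index prefix are constructed for this example.

```python
import gzip
import json
from datetime import datetime, timezone

# Constructed sample of a CloudTrail delivery to S3: gzipped JSON with a
# top-level "Records" array. Every value below is made up for this example.
SAMPLE_LOG = gzip.compress(json.dumps({
    "Records": [
        {"eventTime": "2022-04-06T06:15:00Z", "eventSource": "iam.amazonaws.com",
         "eventName": "CreateUser", "awsRegion": "ap-east-1",
         "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "IAMUser", "userName": "alice"}},
        {"eventTime": "2022-04-06T06:16:30Z", "eventSource": "s3.amazonaws.com",
         "eventName": "GetObject", "awsRegion": "ap-east-1",
         "sourceIPAddress": "203.0.113.9",
         "userIdentity": {"type": "AssumedRole",
                          "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}},
    ]
}).encode())


def normalize(record: dict) -> dict:
    """Map a raw CloudTrail record onto a flat document with consistent names.
    The field names are this example's own choice, not the workshop's schema."""
    ts = datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    ident = record.get("userIdentity", {})
    return {
        "@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "event.provider": record["eventSource"],
        "event.action": record["eventName"],
        "cloud.region": record["awsRegion"],
        "source.ip": record["sourceIPAddress"],
        "user.type": ident.get("type"),
        # IAM users carry a userName; assumed roles only carry an ARN
        "user.name": ident.get("userName") or ident.get("arn"),
    }


def to_bulk_body(raw_object: bytes, index_prefix: str = "log-aws-cloudtrail") -> str:
    """ETL step: gunzip the S3 object, normalize every record and build the
    NDJSON body for the OpenSearch _bulk API, routing each document to a
    daily index derived from its own event time rather than ingestion time."""
    records = json.loads(gzip.decompress(raw_object))["Records"]
    lines = []
    for rec in records:
        doc = normalize(rec)
        day = doc["@timestamp"][:10].replace("-", "")
        lines.append(json.dumps({"index": {"_index": f"{index_prefix}-{day}"}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline
```

The returned string is what a loader function would POST to `/_bulk`; in a real deployment the object bytes come from the S3 event notification rather than the embedded constant.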
Workshop Goals
- Ingest multiple service logs into a centralized SIEM system
- Investigate security logs using OpenSearch Dashboards / Kibana
- Visualize data with the OpenSearch Dashboards / Kibana
- Define Amazon OpenSearch Service alert settings
Event Information
- Date: 6 April 2022, Wednesday 2 pm – 6 pm
- Format: Virtual
- Instructors:
  - Mr. Jerry Yuen | AWS Solutions Architect
  - Mr. Lok Yeung | AWS Partner Solutions Architect
  - Ms. Beryl Lau | Nextlink Solutions Architect
Agenda
| Time | Agenda |
|---|---|
| 13:50-14:00 | Registration |
| 14:00-14:15 | Opening Remarks |
| 14:15-15:00 | Overview on Modern Log Management and Security Challenges |
| 15:00-15:15 | What is SIEM and why is it important? |
| 15:15-15:30 | Introduction on Amazon OpenSearch; Hands-on session: SIEM on Amazon OpenSearch Service |
| 15:30-16:00 | SIEM Environment Building |
| 16:00-17:00 | Security Log Investigation: Log Analysis Basics; Log Analysis Advanced |
| 17:00-17:10 | Break |
| 17:10-17:25 | Alert Settings [Demo] |
| 17:25-17:40 | Analytics Dashboard [Demo]: Visualization; Custom Dashboard |
| 17:40-18:00 | Wrap-up and Q&A |
Terms and Conditions
- Nextlink reserves the right to verify your affiliation with the cloud industry; a final invitation letter will be sent to eligible participants prior to the event.
- Nextlink reserves the right to cancel, postpone or change the venue, date, and time of the event should unforeseen circumstances occur.
- Your registration information will be shared with AWS and Nextlink. These organizations may contact you regarding their service offerings and your information may be used in direct marketing by these organizations.