03/17 2022

Virtual Workshop | SIEM in AWS

Nextlink SIEM in AWS Workshop

Security Information and Event Management (SIEM) systems are monitoring solutions that aggregate data from security sources such as applications, infrastructure, networking, and many more. They trigger alerts and present data to allow for real-time analytics of security events and threat detection.

Log analysis is an important task in threat detection, which enables forensics and real-time remediation of security events. In this workshop, we will build a security log analysis platform on Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) and get started with building a cost-efficient solution for log ingestion, analysis, and dashboarding.

SIEM on Amazon OpenSearch Service

OpenSearch Service is a fully managed service that makes it easy for you to deploy, secure, and run OpenSearch and Dashboards cost-effectively at scale. The functions required for SIEM in the OpenSearch Service environment can be deployed with AWS CloudFormation or AWS Cloud Development Kit (AWS CDK). 

The basic workflow: AWS service logs delivered to an Amazon Simple Storage Service (Amazon S3) bucket are automatically ETL-processed and loaded into the SIEM system running on OpenSearch Service. Once the logs are captured, you can visualize them on the dashboard and analyze correlations across multiple log sources.
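To make the ETL step above concrete, here is an added example (not the workshop's or AWS's own implementation) that takes the path of a log object delivered to S3, derives the log type from the key, normalises the records, and emits the NDJSON payload that the OpenSearch `_bulk` API accepts. The S3 key, the account id and the VPC Flow Log lines are constructed sample data; the `log-aws-<type>` index name is an assumption made for this example.

```python
import json
from datetime import datetime, timezone
from typing import Dict, List

# Constructed S3 object key in the AWSLogs/<account>/<service>/... layout that
# AWS services use when delivering logs to a bucket (account id is a placeholder).
SAMPLE_KEY = "AWSLogs/123456789012/vpcflowlogs/ap-east-1/2022/04/06/flow.log"

# Constructed VPC Flow Log records in the default (version 2) field order.
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 443 52044 6 12 3300 1649225000 1649225060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 52044 22 6 1 40 1649225000 1649225060 REJECT OK",
]

FLOW_FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log-status"]
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

def log_type_from_key(key: str) -> str:
    """ETL step 1: derive the log source from the service segment of the S3 key."""
    parts = key.split("/")
    if len(parts) >= 3 and parts[0] == "AWSLogs":
        return parts[2].lower()
    return "unknown"

def parse_flow_line(line: str) -> Dict[str, object]:
    """ETL step 2: normalise one space-separated flow record into a typed document."""
    values = line.split()
    if len(values) != len(FLOW_FIELDS):
        raise ValueError(f"expected {len(FLOW_FIELDS)} fields, got {len(values)}")
    doc: Dict[str, object] = dict(zip(FLOW_FIELDS, values))
    for field in INT_FIELDS:
        doc[field] = int(doc[field])
    # Epoch seconds -> ISO 8601 so Dashboards can use the field as its time filter.
    start = int(doc["start"])
    doc["@timestamp"] = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
    return doc

def to_bulk_body(key: str, lines: List[str]) -> str:
    """ETL step 3: build an OpenSearch _bulk payload (action line + source line per doc)."""
    index = f"log-aws-{log_type_from_key(key)}"  # assumed index naming scheme
    out: List[str] = []
    for line in lines:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(parse_flow_line(line)))
    return "\n".join(out) + "\n"  # _bulk requires a trailing newline

if __name__ == "__main__":
    print(to_bulk_body(SAMPLE_KEY, SAMPLE_LINES))
```

In the managed solution this logic runs automatically when an object lands in the bucket; the payload returned here is what would be POSTed to the domain's `_bulk` endpoint.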

Workshop Goals

  • Ingest multiple service logs into a centralized SIEM system
  • Investigate security logs using OpenSearch Dashboards / Kibana
  • Visualize data with OpenSearch Dashboards / Kibana
  • Define Amazon OpenSearch Service alert settings

Event Information

  • Date: 6 April 2022, Wednesday 2 pm – 6 pm
  • Format: Virtual
  • Instructors:
    • Mr. Jerry Yuen | AWS Solutions Architect
    • Mr. Lok Yeung | AWS Partner Solutions Architect
    • Ms. Beryl Lau | Nextlink Solutions Architect

Agenda

Time          Agenda
13:50-14:00   Registration
14:00-14:15   Opening Remarks
14:15-15:00   Overview of Modern Log Management and Security Challenges
15:00-15:15   What is SIEM and why is it important?
15:15-15:30   Introduction to Amazon OpenSearch
              Hands-on session: SIEM on Amazon OpenSearch Service
15:30-16:00   SIEM Environment Building
16:00-17:00   Security Log Investigation
                • Log Analysis Basics
                • Log Analysis Advanced
17:00-17:10   Break
17:10-17:25   Alert Settings [Demo]
17:25-17:40   Analytics Dashboard [Demo]
                • Visualization
                • Custom Dashboard
17:40-18:00   Wrap-up and Q&A

Terms and Conditions

  1. Nextlink reserves the right to verify your affiliation with the cloud industry; a final invitation letter will be sent to eligible participants prior to the event.
  2. Nextlink reserves the right to cancel, postpone or change the venue, date, and time of the event should unforeseen circumstances occur.
  3. Your registration information will be shared with AWS and Nextlink. These organizations may contact you regarding their service offerings and your information may be used in direct marketing by these organizations.