________________________________________________________________
Do you want to take this course remotely or in person?
Contact us by email: info@nanforiberica.com, phone: +34 91 031 66 78, WhatsApp: +34 685 60 05 91, or contact our offices.
________________________________________________________________
Course Description: HIDS WAZUH AND SYSMON
This course is taught in online mode and consists of 5 units. The duration of the course is distributed between content and collaboration tools. Upon completion, the student will receive an accrediting diploma.
Training is done through our Virtual Campus. With this modality, all the didactic content is on the course platform and is accessible from the start day of the course, 24 hours a day, every day of the week. The student will also have participation forums, as well as continuous tutoring.
The course is taught in teletraining modality (100% bonus option) and face-to-face and tele-face-to-face training actions can also be carried out on demand.
Introduction
This course aims to teach the techniques and tools for monitoring and analyzing security events in Windows systems, using OSSEC and Sysmon. Throughout the course, you will learn how to install, configure and manage these two programs, which will allow you to collect, send and process activity logs from Windows computers, as well as detect and alert about possible threats.
Addressed to
The course is aimed at computer security professionals, system administrators, auditors or students who want to deepen their knowledge of OSSEC and Sysmon, and how to use them to improve the defense of their Windows infrastructures. Previous knowledge of Windows, networking, and basic security is required.
Course content
Unit 1: Introduction to Wazuh
Unit 2: Basic Configuration
- Hardware requirements
- Implementation on Docker
- Wazuh Settings
- User, role and policy management
- Alert settings
- Rules and decoder management
- Configuration and reporting
Unit 3: Advanced Settings
- Agent management and deployment (OSSEC.conf)
- Centralized agent configuration
- Customizing groups by operating system
- Log collectors
Unit 4: Sysmon Deployment and Configuration
Unit 5: Exploiting Sysmon
Previous requirements
No prior technical requirements are necessary to take this course. However, basic computer skills and knowledge of environments related to Information Technology are recommended.
Rates
If you are interested in taking this course in any training modality, please contact us.