In today's internet environment, whether on-premises or cloud-based, enterprises face constant cybersecurity threats. Once an enterprise has been attacked and damaged, investigators commonly find that the attacker has attempted to destroy evidence (covering their tracks), which makes it hard to trace the source of the intrusion and leads to repeated compromises. In hybrid cloud environments in particular, reconstructing the attack sequence becomes considerably more complex. Building a SIEM that can ingest security logs from, and monitor, the various components of a hybrid architecture at the same time helps enterprises preserve important logs and monitor threats. This course provides hands-on exercises to help students understand the principles of SIEM and its related functionalities.
It is crucial to understand how enterprises use Sumo Logic SIEM to detect, monitor, and alert in real time on threats from hackers and APT groups. Enterprises can build customized detection rules that reflect their own environment, helping blue teams detect, analyze, alert on, and respond to threats more effectively, which in turn strengthens the enterprise's overall security defense capability.
Through the training environment provided by Sumo Logic, participants will have the opportunity to experience the diverse and rich functionalities of Cloud SIEM firsthand. During the course, participants will be guided to manually write customized threat detection rules, fine-tune rules, and explore how SIEM utilizes AI/ML for threat correlation analysis.
Blue team members, such as information security analysts, system administrators, network engineers, etc.
TOPIC / TRACK
CyberLAB
LOCATION
Taipei Nangang Exhibition Center, Hall 2, 4F 4D
LANGUAGE
Chinese