Security Practices with Chronicle SIEM - Locales

Offered By: Google via Google Cloud Skills Boost

Tags

Chronicle SIEM Courses, Cybersecurity Courses, BigQuery Courses, Threat Detection Courses

Course Description

Overview

This course, Security Practices with Chronicle SIEM - Locales, is intended for non-English learners. If you want to take this course in English, please enroll in Security Practices with Chronicle SIEM. Learn the technical aspects of Chronicle you need to know and how it can help you detect and act on threats.

Syllabus

  • Foundations of Chronicle
    • Other Fundamental Chronicle Concepts: UDM Overview
    • Other Fundamental Chronicle Concepts: Help documentation for UDM
    • Overview: What is Chronicle, and why is it useful?
    • Overview: Chronicle demo
    • Overview: Chronicle website
    • Overview: Chronicle help documentation
    • User Interface: Structured query search
    • User Interface: Raw log scan
    • User Interface: Chronicle Views (incl. IP view, Domain view, Hash view, Asset view)
    • User Interface: Enterprise Insights
    • User Interface: Dashboard Views
    • User Interface: Rules Views, Rule Dashboard, Managed Analytics, Rule Editor
  • Collecting and Parsing Data
    • Getting Data: How-to guide for ingesting AWS logs into Chronicle
    • Parsing data: Overview of writing parsers
    • Parsing data: When to use default parsers
    • Parsing data: Parser API overview
    • Parsing data: How-to: GROK example guide
    • Troubleshooting parsers: Reach out to the Security Community
    • Getting Data: List of Supported data / log sources
    • Getting Data: Methods of ingesting data into Chronicle
    • Getting Data: Feed Management API
    • Getting Data: How-to guide for troubleshooting Forwarder issues / monitoring Forwarder health
    • Getting Data: When to use the Ingest API vs. the Feed Management UI or Forwarder
    • Getting Data: How-to guide: Overview of the Ingest API with example configuration
    • Getting Data: Help Center on Ingestion API
    • Parsing Data: Supported Default Parsers
    • Parsing Data: How-to: JSON parser example guide
    • Parsing Data: How-to: KeyValue example guide
  • Access
    • Authentication: How to configure IdPs, using GCP as an example
    • Authentication: How-to guide for configuring Okta IdP
    • Authentication: How-to guide for configuring Azure IdP
    • Authentication: How-to guide for configuring Cloud Identity IdP
    • Authorization: Help Center: Role-Based Access Control (RBAC)
    • Authorization: Help Center: Roles and permissions
  • Building Rules to Find Threats
    • Rules overview
    • Help Center: Rules dashboard
    • Rules Engine overview
    • Help Center: Rules editor
    • Demo: Building a YARA-L rule (incl. Chronicle UI, template of five rule sections, fetching data, test the rule, deploying rule in UI)
    • YARA-L 2.0 language syntax
    • How to write single-event and multi-event rules
    • How to write a rule for EntityGraph
    • How to deploy a rule using the Detection API
    • Detection API overview
    • Rule Detections View (finding the detections of a rule in the rule detection view UI)
    • Troubleshooting Rules: Community Help Forum
  • Investigating Threats
    • What is BigQuery, and how can you use it to hunt for and report threats?
    • Ways to investigate a threat
    • Demoing the Chronicle search UI
    • Looker Help Center
    • Chronicle Search API
    • Chronicle Data Lake structure - reference (incl. Dataset & Tables, Schema, Retention)
    • Exercise 1: Connecting and authenticating to BigQuery
    • Exercise 2: Exploring the Chronicle Data Lake dataset
    • Exercise 3: Writing UDM event queries
    • Exercise 4: Writing UDM entity queries
    • Exercise 5: Examples of joining data
    • Exercise 6: Examples of dealing with repeated fields
    • Reference: SQL functions
    • Reference: Understanding repeated fields / Joining data & enums
  • Responding to Threats
    • How to respond to threats, best practices, recommendation to use a SOAR for systematic responses
    • How-to guide for Siemplify integration
    • Siemplify documentation (e.g. APIs)
  • Quiz
    • Chronicle Technical Training Quiz
