LogSentinel SIEM Workshop: Dashboard, Threat Detection, Integrations
What is it like to use LogSentinel #SIEM? Here's a #demo that shows what LogSentinel SIEM can do: how to set up an alert, what the dashboard looks like, how to triage threats in real time, and much more!
00:00 Intro
00:25 About LogSentinel SIEM: Predictable and Affordable Pricing, Regulatory Compliance, Simple Deployment, Cloud and On-Prem
03:00 LogSentinel Dashboard
04:00 What is an actor in the SIEM context and what is this role used for
05:00 Parameters collected by logs and how to search them
06:20 Normalized actions
07:00 Queries across sources using normalized actions (examples)
08:20 How to perform Nested Queries
09:50 Ad-hoc activity reports
11:00 Saving and scheduling custom SIEM reports
12:18 Flows
13:08 Time aggregations - per hour, per week, per month, per data source, etc.
13:19 Numeric aggregations of logs
13:40 Charts defined by queries
14:10 Custom dashboards
14:39 Threat map
15:10 Reports (pre-set templates for use)
15:50 Data Sources - AD, Firewall, SAP, Website, Microsoft 365, GCP, Router, etc.
22:00 Cloud Integration with LogSentinel SIEM (Microsoft 365, Azure, AWS, GCP, Google Workspace, Zoom, Webex, Okta, Email)
22:55 Log Collectors (Windows/Linux)
23:09 Tenants - creating and nesting tenants
24:00 SIEM Agents
26:00 Alerts, anomalies, and real-time notifications
27:38 Correlation rules (preset rules and alerts, and how to import custom ones)
31:00 Statistical rules and how to set them up
32:00 Healthcheck alerts (checking data sources)
32:25 Anomaly detection and how to avoid the high volume of false positives it can generate
33:32 Working hours configuration
33:52 Alerts Grid - how to check risk levels, how to triage and respond
35:40 User management - assigning users to data source groups/tenants
36:40 Threat Feeds (TAXII and others)
37:40 Adding connectors for anything
38:15 Honeypot connector with SIEM
38:35 Syslog connector
40:00 Windows event logs connector
40:30 Encryption of the keys
Request a Free Demo and find out how LogSentinel can help your organization improve information security: https://bit.ly/3wfqiDk
👨‍💼 About the Speaker
Bozhidar Bozhanov is co-founder and CEO at LogSentinel. He is a senior software engineer and solution architect with over 10 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He is one of the top-ranked users on Stack Overflow, and his tech blog is recognized as one of the top Java developer blogs by international online media.
About LogSentinel SIEM
LogSentinel SIEM is an easy-to-use next-gen #SIEM system that helps its customers reduce the time and cost of incident detection, investigation, and response by over 90%. By leveraging the latest technologies, such as blockchain and machine learning, it enables security teams to eliminate their blind spots and prevent security incidents in real time.
LogSentinel SIEM offers predictable pricing based on the number of active users rather than on fluctuating metrics like data volume or events per second. This, together with its unparalleled ease of use and flexibility, helps organizations of all sizes improve their security posture by giving them a SIEM they can afford and manage effectively.
📽 More LogSentinel SIEM Webinars: https://logsentinel.com/webinars/
Connect with LogSentinel
🔗Facebook - https://www.facebook.com/LogSentinel/
🔗LinkedIn - https://www.linkedin.com/company/logsentinel
🔗Twitter - https://twitter.com/logsentinel