2025-02-15
SIEM (Security Information and Event Management) is a critical component in modern cybersecurity, especially within Security Operations Centers (SOC). It enables teams to monitor, detect, and respond to security threats effectively. Below is a curated list of free SIEM training resources to help you master various SIEM tools and technologies.
General SIEM Resources
- Windows Logging Basics: https://lnkd.in/grKYFQzJ
- What is a SIEM? (5 Videos): https://lnkd.in/gc2UDpeD
- PowerSIEM Analyzing Sysmon Events with PowerShell: https://lnkd.in/g_8Eq8vm
QRadar
- QRadar (38 Videos): https://lnkd.in/gd7V_4pe
- QRadar 101: https://lnkd.in/esbz2RjK
- QRadar SIEM Foundation: https://lnkd.in/es8NAdAw
- Ariel Query Language Guide: https://lnkd.in/eAMKy25q
Splunk
- Course Catalog: https://lnkd.in/ekm6RekE
- Basic Searching: https://lnkd.in/gygnTMfD
- Practical Splunk – Zero to Hero: https://lnkd.in/ePF_3PWj
- Splunk Use Cases: https://lnkd.in/eJ4CTNV2
- Exploring Splunk: https://lnkd.in/e8gVvMuu
Microsoft Sentinel
- What is Microsoft Sentinel: https://lnkd.in/gdB7dAdU
- Microsoft Sentinel Level 400 Training: https://lnkd.in/ezDkpWmx
- SOC 101: https://lnkd.in/evnF6kNm
FortiSIEM
- FortiSIEM Training: https://lnkd.in/e5TvYZYt
AlienVault OSSIM
- Cybrary – AlienVault OSSIM: https://lnkd.in/gRZAansT
Elastic SIEM
- Fundamentals: https://lnkd.in/gYNYs9vS
- Manual: https://lnkd.in/dTVwgSbH
ArcSight
- What is Series: https://lnkd.in/gh5ruPZt
- ArcSight ESM 101: https://lnkd.in/gS33AJdk
- ArcSight Tutorial: https://lnkd.in/guEydy_U
SureLogSIEM
- Training (English): https://lnkd.in/eAnAYDWJ
- Training (Turkish): https://lnkd.in/e9VgJFHa
- Training PDF: https://lnkd.in/eXYFmqqV
- User Guide PDF: https://lnkd.in/e4HqkexW
LogSign
- Training: https://lnkd.in/eXnjymv6
What Undercode Says
SIEM tools are indispensable for modern cybersecurity operations. They provide the ability to aggregate, analyze, and respond to security events in real time. Whether you’re working with QRadar, Splunk, Microsoft Sentinel, or any other SIEM solution, mastering these tools is essential for any SOC analyst.
Here are some practical commands and queries to enhance your SIEM skills:
1. Linux Log Analysis:
- Use `grep` to filter failed SSH logins out of the authentication log:
```bash
grep "Failed password" /var/log/auth.log
```
- Analyze the systemd journal for a single unit with `journalctl`:
```bash
journalctl -u sshd --since "2023-10-01"
```
2. Windows Event Logs:
- Use PowerShell to query the Security log for failed logon events (event ID 4625):
```powershell
Get-WinEvent -LogName Security | Where-Object {$_.ID -eq 4625}
```
- Export the Security log to an `.evtx` file for offline analysis:
```powershell
wevtutil epl Security C:\SecurityLogs.evtx
```
3. Splunk Commands:
- Basic search:
```spl
index=main sourcetype=access_combined status=404
```
- Search to save as an alert (counts server errors per source IP):
```spl
index=main sourcetype=access_combined status=500 | stats count by src_ip
```
4. Elastic SIEM:
- Query logs from Kibana using the Elasticsearch query DSL:
```json
{ "query": { "match": { "event.type": "login" } } }
```
5. QRadar:
- Use Ariel Query Language (AQL):
```sql
SELECT * FROM events WHERE LOGSOURCENAME(logsourceid) = 'Firewall' LAST 24 HOURS
```
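The `grep "Failed password"` filter and the Splunk `stats count by src_ip` aggregation above are two halves of the same detection idea: pull the failed-login events out of the raw log, then count them per source address so a brute-force source stands out. The following script, an added example that is not part of the original post and not code from any of the SIEM vendors listed, does both steps in plain Python over a handful of constructed `auth.log` lines. The function names (`parse_failed_logins`, `count_by_src_ip`, `brute_force_candidates`) and the alert threshold of three failures are assumptions chosen for the illustration.

```python
"""Added example: parse sshd "Failed password" lines from an auth.log-style
input and aggregate them by source IP, mirroring `grep` + `stats count by src_ip`."""
import re
from collections import Counter

# Constructed sample lines in the classic rsyslog auth.log layout (not real data).
SAMPLE_AUTH_LOG = """\
Oct  1 10:00:01 host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2
Oct  1 10:00:07 host1 sshd[1205]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2
Oct  1 10:00:09 host1 sshd[1206]: Failed password for invalid user admin from 203.0.113.9 port 40123 ssh2
Oct  1 10:00:12 host1 sshd[1207]: Failed password for root from 203.0.113.9 port 40124 ssh2
Oct  1 10:00:15 host1 sshd[1208]: Failed password for bob from 198.51.100.4 port 33010 ssh2
Oct  1 10:00:20 host1 CRON[1210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct  1 10:00:25 host1 sshd[1211]: Failed password for root from 203.0.113.9 port 40125 ssh2
"""

# Matches the sshd failed-password message; "invalid user " is present when the
# account does not exist, so it is optional and the username is captured after it.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_failed_logins(text):
    """Return one dict (user, src_ip, port) per failed-password line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append({
                "user": m.group("user"),
                "src_ip": m.group("src_ip"),
                "port": int(m.group("port")),
            })
    return events


def count_by_src_ip(events):
    """Equivalent of `stats count by src_ip`: failures per source address."""
    return Counter(e["src_ip"] for e in events)


def brute_force_candidates(events, threshold=3):
    """Source IPs with at least `threshold` failures (assumed alert threshold)."""
    counts = count_by_src_ip(events)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    evts = parse_failed_logins(SAMPLE_AUTH_LOG)
    for ip, n in count_by_src_ip(evts).most_common():
        print(f"{ip}\t{n}")
    print("brute-force candidates:", brute_force_candidates(evts))
```

Run it against a real file with `parse_failed_logins(open("/var/log/auth.log").read())`; the threshold and time window are the knobs you would tune in the SIEM's alert definition rather than in the parser.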
By leveraging these commands and resources, you can significantly improve your SIEM expertise. Remember, continuous learning and hands-on practice are key to mastering cybersecurity tools.
For further reading, explore the official documentation of the SIEM tools you’re working with, and don’t hesitate to experiment in a lab environment.
Stay curious, keep learning, and secure the digital world!