Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a comprehensive 46-minute conference talk from Security BSides London that delves into the vulnerabilities and attack vectors of Security Information and Event Management (SIEM) systems. Learn about fundamental SIEM concepts, architectures, and their critical role in Security Operations Centers (SOC), while understanding common shortfalls and potential exploitation techniques. Master the technical aspects of SIEM attacks, including data ingestion manipulation, correlation rules exploitation, and alert bypass methods, as well as non-technical aspects such as organizational dependencies and process vulnerabilities. Examine various components including common log sources, ingest methods, custom applications, add-ons, and cloud-native SIEM implementations. Gain valuable insights for both defensive and offensive security teams on assessing and mitigating risks in SIEM deployments, with practical emphasis on simulating real-world attack scenarios to strengthen security posture.
