Build Your Own SOC - Security Operations Center from Scratch
Hack In The Box Security Conference via YouTube
Overview
Learn to construct a fully functional Security Operations Center (SOC) from scratch using open-source tools in this comprehensive conference talk. Discover the fundamental components of SOC architecture, including ingestors, storage systems, processors, and visualization interfaces, with a practical mapping to popular platforms like Elastic and Splunk. Master the essential process of log forwarding through syslog configuration, covering OS logs, application logs, and filtering techniques using rsyslog. Understand critical parsing methodologies and avoid common mistakes such as assuming fields are extracted automatically, exploring agent-based, middleware, and index-time parsing solutions. Implement proper log normalization strategies using industry standards like ECS for Elastic and CIM for Splunk, so that field names stay consistent and searches cover all relevant data. Deploy high-fidelity detection mechanisms, including honey-tokens and Active Directory traps, that capture real attacker behavior while minimizing false positives. Explore advanced concepts like Certiception for extended detection capabilities, and gain insights into common SOC implementation pitfalls and how to avoid them. Whether you are defending personal infrastructure, analyzing threat intelligence trends, or developing red team evasion techniques, you will acquire hands-on knowledge of what SOCs can detect and where their limitations lie, while building practical skills for cybersecurity defense and offense operations.
Syllabus
#OOTB2025BKK - Build Your Own SOC - Kristen Huang
Taught by
Hack In The Box Security Conference