Intro to Security Analysis - Home Lab: SIEM, IDS & Threat Intel
I decided to write a series of articles detailing how you can practice the basic skills needed to be an Information Security Analyst. If you're looking to get into the InfoSec field, and blue team/threat hunting sounds interesting, these articles should guide you through setting up your home IDS & Threat Intel lab. Every infosec analyst should have a home lab, or access to a sandbox, to practice their skills and deploy new tools.
Other than Splunk, all of the tools mentioned will be open-source. We can still run Splunk for free with reduced functionality. Every analyst should be familiar with Security Onion and the various features it offers. We'll set up a Security Onion instance and use it to analyze a compromised service.
You can send all your Security Onion logs to Elasticsearch, which comes built into the distro, but for my examples Splunk will act as our SIEM. Using Splunk, we'll be able to analyze alerts and IOCs across various sourcetypes (firewall, network, authentication, etc.).
Finally, I'll review honeypots and how you can use them to generate targeted threat intelligence. I've always found honeypots interesting and I wanted to share my experiences in the search for better threat intel.
I'm planning to create a video series based on these articles, which I'll post on my YouTube channel. I already have a few videos about Security Onion, which I'll need to update. Thanks for checking out my articles, and let me know if you have any feedback.