OT/ICS SOC/SIEM Design and Implementation on Microsoft Azure
Published 11/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 3.43 GB | Duration: 4h 46m
Create your own fully functional SOC in the Azure cloud! It is simple and cheap as well; don't be scared of the word Azure!
What you'll learn
Design SIEM/SOC for ICS Environment
Working on Azure to deploy ICS machines and a SOC lab
Complete end to end log integration and visualization
IDS/IPS Solution deployment and visualization
Requirements
Basic industrial software knowledge: Windows Server, workstation
Prior experience in ICS required
Understanding of SIEM solutions
A strong intent to learn is required
Description
After three theoretical courses, I introduce you to one of the fully practical courses for OT/ICS SIEM/SOC solution creation. This course is totally practical: in all chapters we are installing, configuring, or deploying something on machines located in Azure infrastructure, and it's simple, I promise.

We will cover some key concepts of ICS cybersecurity through an end-to-end deployment, which are as follows:

Security information and event management (SIEM): Elasticsearch-Logstash-Kibana (ELK Stack)
SIEM dashboarding/query: Kibana
NOC - network monitoring/operations dashboarding: Grafana
EDR/HIDS - endpoint detection and response/host intrusion detection: Wazuh
Log management: Beats/Sysmon (log collector for Windows event logs and more)
Asset management: OSQuery - FleetDM
Endpoint visibility: Sysmon
Malware detection: Strelka
Firewall: pfSense
IPS - intrusion prevention system: Snort based
Nmap for network-based queries
Vulnerability management: using Nessus
Active Directory - Windows Server
WSUS - Windows Server Update Services
Modbus communication
DNP3 communication
OPC server-client communication

This is a dynamic list, and over time it keeps being updated and extended to increase coverage.

The environment is deployed on Azure in the cheapest region with minimum resource requirements. All the steps are guided and well explained so that you can follow along and create your own ICS SOC easily. After doing this course you will have a good understanding of the cybersecurity technologies that are in use in the ICS landscape as well as in the overall industrial control system environment. You can run all types of tests and simulate this environment; you can also install applications from your organization to test them in a similar setup.
Overview
Section 1: Introduction and Setup Scenario
Lecture 1 Introduction
Section 2: Configuration and Setup - Azure and Engineering Workstation
Lecture 2 What is Security Onion
Lecture 3 Features and Functionalities
Lecture 4 Azure Setup
Lecture 5 Create Resource Group
Lecture 6 Create Engineering Workstation
Lecture 7 Connect to Engineering Workstation
Lecture 8 Shutdown and Deallocate workstation
Section 3: Installation and Configuration of Security Onion Machine
Lecture 9 Create Security Onion Machine (SOC/SIEM)
Lecture 10 Initial Configuration of Security Onion
Lecture 11 Establish Communication to Security Onion
Lecture 12 Configure and Install Security Onion
Lecture 13 Reconnection after setup
Lecture 14 Update Suricata Rules (IDS)
Lecture 15 Security Onion Dashboard Login
Section 4: Integration of Systems to Security Onion to Agents
Lecture 16 HIDS Agent (Wazuh) Registration
Lecture 17 HIDS Agent Installation and Integration
Lecture 18 Install Sysmon on Engineering Workstation
Section 5: Installation of Firewall as a Log source
Lecture 19 Installation of pfSense Firewall on Azure
Lecture 20 Configuration of pfSense Firewall
Lecture 21 Integration of Syslog to Security Onion
Lecture 22 Configuration of SNORT IDS on Firewall
Lecture 23 Check Syslogs in Security Onion
Section 6: Installation of Windows 2019 Server
Lecture 24 Installation of Windows 2019 Server on Azure
Lecture 25 Configure Active Directory on Server
Lecture 26 Connect Engineering Workstation to AD Server
Lecture 27 Install WSUS Role on Server
Lecture 28 Configuration of WSUS
Lecture 29 Integration of EWS to WSUS
Lecture 30 Setup Reverse DNS
Lecture 31 Install Wazuh on AD Server
Section 7: Adding ICS Protocols in network
Lecture 32 Modbus Server Client Installation & Communication
Lecture 33 DNP3 Server Client Installation and Communication
Lecture 34 OPC Server Client Installation and Communication
Section 8: Use cases for SOC
Lecture 35 Basic Operation of SOC
Lecture 36 NOC Operation using Grafana dashboard
Lecture 37 Events in case of Windows update from WSUS
Lecture 38 Asset Detection
Lecture 39 Installation of Vulnerability Management Solution
Lecture 40 Configure Nessus for vulnerability scanning
Lecture 41 Install Nmap and intense scan firewall
Who this course is for
Control engineers, integrators, and architects who design or implement OT systems
System administrators, engineers, and other information technology (IT) professionals who administer, patch, or secure OT systems
Security consultants who perform security assessments and penetration testing of OT systems
Researchers and analysts who are trying to gain hands-on experience
Engineers who need a practical understanding of systems
Vendors that are developing products that will be deployed as part of an OT system