OT-ICS Cybersecurity SOC/SIEM Implementation with WSUS & AD
Learn how to design your own SIEM/SOC lab for an ICS environment without the need for hardware. This practical course covers key concepts and technologies used in ICS cybersecurity, providing hands-on experience in deploying and configuring various tools. Perfect for control engineers, system administrators, security consultants, and researchers. Deployed on Azure with minimal resources required. Increase your understanding of cybersecurity in the ICS landscape and run tests in a simulated environment. Ideal for vendors developing products for OT systems.
What you’ll learn
- Design your own SIEM/SOC lab for an ICS environment
- Work on Azure to deploy ICS machines and a SOC lab
- Complete end-to-end log integration and visualization
- IDS/IPS solution deployment and visualization
- Hands-on experience deploying cybersecurity controls
- Log forwarding from firewalls, endpoints and applications
- Lifetime lab creation for multiple use cases with pay-as-you-go Azure pricing
- Create and destroy as many workstations, HMIs and servers as you want
***************MAKE YOUR OWN ICS SIEM/SOC LAB SETUP WITHOUT HARDWARE*************
After three theoretical courses, I introduce you to one of the full practical courses for OT/ICS SIEM/SOC solution creation.
This course is totally practical: in every chapter we are installing, configuring, or deploying something on machines located in Azure infrastructure, and it's simple, I promise.
We will cover some key concepts of ICS Cybersecurity from end-to-end deployment which are as follows:
Security information and event management (SIEM): Elasticsearch-Logstash-Kibana (ELK Stack)
SIEM dashboarding/query: Kibana
NOC network monitoring/operations dashboarding: Grafana
EDR/HIDS (Endpoint Detection and Response/Host Intrusion Detection): Wazuh
Log management: Beats/Sysmon (log collector for Windows Event logs and more)
Asset management: osquery with FleetDM
Endpoint visibility: Sysmon
Malware detection: Strelka
Firewall: pfSense
IPS (Intrusion Prevention System): Snort-based
Network queries: Nmap
Vulnerability management: Nessus
Active Directory: Windows Server
WSUS: Windows Server Update Services
Modbus communication
DNP3 communication
OPC server-client communication
This is a dynamic list that is updated over time to increase coverage.
The environment is deployed on Azure in the cheapest region with minimum resource requirements. All the steps are guided and well explained so that you can follow along and create your own ICS SOC easily. After completing this course you will have a good understanding of the cybersecurity technologies in use in the ICS landscape and the overall industrial control system environment. You can run all types of tests and simulations in this environment, and you can also install applications from your own organization to test them in a similar setting.
Who this course is for:
- Control engineers, integrators, and architects who design or implement OT systems
- System administrators, engineers, and other information technology (IT) professionals who administer, patch, or secure OT systems
- Security consultants who perform security assessments and penetration testing of OT systems
- Researchers and analysts who want hands-on experience
- Engineers who need a practical understanding of these systems
- Vendors that are developing products that will be deployed as part of an OT system