I’m contemplating a jump into cybersecurity as a career change. I don’t have deep skills here, but I think I can learn somewhat adequately. So I’m contemplating setting up a little home network security zone. I want to start with a SIEM, because a SIEM is at the center of security efforts at large companies. Once a basic SIEM is set up, I can forward Windows Sysmon logs, etc., create a little dataset and springboard into threat hunting, etc.
Does anyone have any experience/opinions on which SIEM I should choose? My SIEM software budget is $0.00. On a somewhat related post in these forums, I read that Graylog may be the best choice.
Any opinions are welcome. Thanks!
(I did search before I posted this but I didn’t find anything for a home network. If this is a duplicate, my apologies.)
Agreed, Security Onion is a good choice, but it needs quite some compute and storage resources (basically due to Elasticsearch).
Less hungry is Gravwell CE, and the ingest limit for CE has also been lifted above 13GB - and that was already generous for a home lab environment. It comes with a lot of nice dashboards, and you can make your own, too. Attaching syslog, Zeek, Suricata or Corelight@Home is easy.
Admittedly, quickly pivoting around the logs is much nicer with Security Onion.
Another nice tool with a UI is AC Hunter CE; it finds beacons/C2 traffic using statistics (not using signatures). It also uses Zeek (or Corelight, e.g. Corelight@Home on an RPi).
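The statistics-based beacon hunting the reply mentions, as an added illustration that is not AC Hunter's or Zeek's own code: it scores each source/destination pair in constructed Zeek conn.log-style records by how regular the gaps between connections are. The four-column record layout, the sample timestamps and the thresholds are assumptions made for the example.

```python
import statistics
from collections import defaultdict

# Constructed records in a Zeek conn.log-like shape (ts, id.orig_h, id.resp_h,
# id.resp_p), a subset of the real conn.log columns; all values are made up.
# The first host calls out once a minute with little jitter, the second is
# irregular, human-driven traffic.
SAMPLE_CONN_LOG = """\
1700000000.0\t10.0.0.5\t203.0.113.9\t443
1700000060.1\t10.0.0.5\t203.0.113.9\t443
1700000119.9\t10.0.0.5\t203.0.113.9\t443
1700000180.2\t10.0.0.5\t203.0.113.9\t443
1700000240.0\t10.0.0.5\t203.0.113.9\t443
1700000300.1\t10.0.0.5\t203.0.113.9\t443
1700000003.0\t10.0.0.7\t198.51.100.20\t443
1700000011.0\t10.0.0.7\t198.51.100.20\t443
1700000130.0\t10.0.0.7\t198.51.100.20\t443
1700000134.0\t10.0.0.7\t198.51.100.20\t443
1700000400.0\t10.0.0.7\t198.51.100.20\t443
1700000405.0\t10.0.0.7\t198.51.100.20\t443
"""

def parse_conn_log(text):
    """Group connection timestamps by (source, destination, port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split("\t")
        flows[(src, dst, int(port))].append(float(ts))
    return flows

def interval_score(timestamps):
    """Return (mean gap, coefficient of variation) of the gaps between
    consecutive connections, or None with fewer than three gaps.
    A CV near 0 means near-perfect periodicity; large values mean irregular timing."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return None
    mean = statistics.mean(gaps)
    return (mean, statistics.pstdev(gaps) / mean) if mean > 0 else None

def find_beacon_candidates(text, min_connections=5, max_cv=0.1):
    """List flows regular enough to deserve analyst review.
    min_connections and max_cv are illustrative assumptions, not tuned values."""
    candidates = []
    for key, stamps in parse_conn_log(text).items():
        score = interval_score(stamps)
        if len(stamps) >= min_connections and score and score[1] <= max_cv:
            candidates.append((key, round(score[0], 1), round(score[1], 3)))
    return candidates
```

Real implants often randomise their sleep interval, so a single dispersion metric is only one signal among several (AC Hunter combines more); treat the output as a review queue, not a verdict.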