SIEM Tutorial

Before we get started, go ahead and click the green `Start SIEM` button below.


----------


A Security Information and Event Management (SIEM) system is a defender's primary tool. A SIEM aggregates and stores security-relevant logs from many sources (endpoints, domain controllers, network devices, cloud services) and provides a means to retrieve and analyze the collected logs.

ACE challenges and learning modules use [OpenSearch](https://opensearch.org/). OpenSearch is a fork of Elasticsearch 7.10.2, and its front-end application, OpenSearch Dashboards, is a fork of Kibana 7.10.2 from the same [Elastic Stack](https://www.elastic.co/) release, so both still closely resemble their Elastic counterparts. If you use a different SIEM in your environment, the knowledge and core skills from ACE will still transfer: every SIEM comes down to a data store, a query language, and a way to pivot on fields.

**OpenSearch** is the search engine and data store. It houses our security events and answers the searches issued by **OpenSearch Dashboards**, the web interface we will use in the browser. OpenSearch Dashboards gives us the ability to search, organize, and visualize that data.

* When you first open a challenge or learning module, you'll click the `Start SIEM` button. It will take a couple of minutes to initialize. 
* Once everything is running, an `Open SIEM` button will appear along with a username and password.
* Opening the SIEM will open a new tab where you can log on with the generated username and password.
* OpenSearch Dashboards may need a moment to load. In that case, just refresh the page until you see the logon page.

✔ Once you're in, navigate to `Discover`.

![](https://assets.aceresponder.com/opensearch-tutorial/navigate_discover.png)

Discover is a fundamental capability of OpenSearch Dashboards. As you investigate intrusions, you will return to the Discover page again and again. It is where we run quick queries, identify fields to use in visualizations, and study the context around suspicious events. Think of it as a master spreadsheet: it lists individual log events from across the enterprise in chronological order (newest first by default), restricted to whatever time range and search expression you have set.
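To make concrete what Discover is doing behind the interface, here is an added example (written for this page, not code from ACE Responder or the OpenSearch project). `build_discover_query` produces the OpenSearch query DSL body that a Discover search corresponds to: the time picker becomes a `range` filter on `@timestamp`, the search bar becomes a `query_string` clause, and results are sorted newest first. `discover` applies the same semantics to a constructed, in-memory list of sample events so the behaviour can be seen without a running cluster. The event field names (`winlog.event_id`, `user.name`, `host.name`, `process.name`) and the `field:value` subset of the search syntax handled here are this example's assumptions, not a statement about the ACE data set.

```python
"""Added example (not ACE Responder's or OpenSearch's code): what a
Discover search does, expressed as (1) the query DSL body sent to the
OpenSearch `_search` API and (2) an in-memory evaluation of the same
time-range + field-match + chronological-sort semantics."""
from datetime import datetime, timezone

# Constructed sample events. Field names are assumptions for illustration.
EVENTS = [
    {"@timestamp": "2023-05-01T12:00:03Z", "winlog.event_id": 4624,
     "user.name": "jsmith", "host.name": "WS01"},
    {"@timestamp": "2023-05-01T12:00:01Z", "winlog.event_id": 4688,
     "user.name": "jsmith", "host.name": "WS01",
     "process.name": "powershell.exe"},
    {"@timestamp": "2023-05-01T11:59:58Z", "winlog.event_id": 4624,
     "user.name": "svc_backup", "host.name": "DC01"},
    {"@timestamp": "2023-05-01T09:00:00Z", "winlog.event_id": 4688,
     "user.name": "jsmith", "host.name": "WS01",
     "process.name": "cmd.exe"},
]


def _ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_discover_query(start: str, end: str, expression: str,
                         size: int = 500) -> dict:
    """Query DSL body equivalent to a Discover search: the time picker as
    a range filter on @timestamp, the search bar as a query_string clause,
    and newest event first (Discover's default sort)."""
    return {
        "size": size,
        "sort": [{"@timestamp": {"order": "desc"}}],
        "query": {
            "bool": {
                "filter": [
                    {"range": {"@timestamp": {
                        "gte": start, "lte": end,
                        "format": "strict_date_optional_time"}}},
                    {"query_string": {"query": expression}},
                ]
            }
        },
    }


def _matches(event: dict, expression: str) -> bool:
    """Evaluate a space-separated list of field:value terms (implicit AND).
    Only this subset of the search bar syntax is handled; values are
    compared as strings so 4688 matches whether stored as int or str."""
    for term in expression.split():
        field, _, value = term.partition(":")
        if str(event.get(field, "")) != value:
            return False
    return True


def discover(events, start: str, end: str, expression: str):
    """Local equivalent of the Discover result table for the same inputs:
    keep events inside [start, end] that match the expression, newest first."""
    lo, hi = _ts(start), _ts(end)
    hits = [e for e in events
            if lo <= _ts(e["@timestamp"]) <= hi and _matches(e, expression)]
    return sorted(hits, key=lambda e: _ts(e["@timestamp"]), reverse=True)


if __name__ == "__main__":
    start, end, expr = "2023-05-01T11:00:00Z", "2023-05-01T13:00:00Z", "host.name:WS01"
    print(build_discover_query(start, end, expr)["query"]["bool"]["filter"])
    for hit in discover(EVENTS, start, end, expr):
        print(hit["@timestamp"], hit["winlog.event_id"], hit.get("process.name", ""))
```

Running it lists the two WS01 events inside the one-hour window, newest first; the 09:00 `cmd.exe` launch on the same host is outside the time picker and drops out, which is exactly why widening the time range is usually the first pivot when a Discover search comes back empty.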

Click the `Start` button below when you're ready.
