03. Blue/DFIR Components: SIEM

In this chapter, you are going to get familiar with different SIEM stacks running in PurpleLabs including Splunk, Hunting ELK (HELK), Graylog, and Wazuh. Through different security analysis tools, you will get access to real and live data sources including network and host telemetry coming from different nodes in the Cyber Range network.