I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.
I want to set up a SIEM on my home network so I can get used to its operations and how it works by the time I start messing with pentesting stuff. Then I’m going to use it to try and track myself when I pentest myself.
I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).
I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I’d rather be as close to “baby’s first SIEM” as possible or at least have a robust how-to guide.
What do you suggest?
- SEIM? Do you mean SIEM, Secure Information and Event Management?
  - Yes! Gods damn it. I had that up and everything on my second monitor.
    - You can edit your posts, you know :)
      - Thanks! I’m still on reddit brain.
- Just a suggestion, but take a look at this list… all of them should be either open source or at least free (trials, lite versions, etc.).
  - Find out what you use at work and see if there’s a trial version or if they use open source.
  - If not, most of these tools are known and you may be able to find help online (forums, Lemmy, Reddit, etc.).
- I suggest skipping the devops part and instead starting with a course. If you go with setting it up, you will probably spend 95% of the time doing devops and not security (which is usually the client of the devops team that maintains the SIEM).
  - Got any recs? I can generally talk my company into paying for most anything education-wise, but Udemy-style courses work with my ADHD the best.
- Wazuh is popular. It’s in use by name brand companies, FOSS and relatively turnkey. 
- I would look at CISA’s Logging Made Easy project, which is based on Wazuh and Elastic with Kibana for visualization and dashboards.