this post was submitted on 26 Mar 2025
34 points (90.5% liked)

SIEM (startrek.website)
submitted 1 year ago* (last edited 1 year ago) by nagaram@startrek.website to c/selfhosted@lemmy.world
 

I am studying for my Network+ and my Sec+ hoping to shadow our Cyber Sec guy at work.

I want to set up a SIEM on my home network so I can be used to its operations and how it works by the time I start messing with Pentesting stuff. Then I'm going to use it to try and track myself when I pentest myself.

I was looking into Graylog or Security Onion since they seem to have decent documentation (and I can find videos on how to set them up which is nice).

I was recommended building my own ELK stack and doing everything manually for maximum learning potential. Which I understand why this is a good idea, but I think I'd rather be as close to "baby's first SIEM" as possible or at least have a robust how-to guide.

What do you suggest?

[–] MTK@lemmy.world 4 points 1 year ago (1 children)

I suggest skipping the devops part and instead starting with a course. If you go with setting it up, you will probably spend 95% of the time doing devops and not security (which is usually the client of the devops team that maintains the SIEM).

[–] nagaram@startrek.website 1 points 1 year ago (1 children)

Got any recs? I can generally talk my company into paying for most anything education-wise, but Udemy-style courses work with my ADHD the best.

[–] MTK@lemmy.world 1 points 1 year ago

Nothing that comes to mind, but a simple search of the SIEM you are going to use on YouTube and Pirate Bay should provide some good starters.