The goal of the SEC555 wiki is to provide knowledge to the security community. As one gets better we all get better! As such, this is a free source of cyber defense information, primarily around Security Information and Event Management (SIEM) systems.
The other goal is to increase the in-class and, most importantly, after-class value of the course material for [SEC555: SIEM with Tactical Analytics](https://www.sans.org/course/siem-with-tactical-analytics) students. It is also designed as a way to give back to the security community by providing free information. This wiki is, and likely always will be, very much a work in progress.
Contained in the wiki, you will find:
- Tool and technique cheat sheets
- Reference guides
- Information about 555 instructors
- Electronic copies of the lab guides (copy and paste, FTW!!!). Digital labs are only available on the student VM, i.e. to SEC555 course attendees.
- ...and more
Note: If you are using the student VM provided with SEC555, you can turn on automatic wiki/lab updating.
Two things are highly recommended before diving in:
- Discover how to use the Smart Player. Videos are played using Smart Player, and it has features you may not know exist without reading this guide. The videos in the wiki took a tremendous amount of time to put together because of the many features Smart Player allows, such as searching for any word spoken by the presenter and jumping to that section of the video.
- If you are a SEC555 student, enable automatic updates of the wiki and lab content.
To manually update the wiki content, run the command below.
$ wikiup
If the above command cannot be found, your system is using the prior update script, which can be run with this command:
$ sudo pwsh -file /scripts/wiki_update.ps1
This section only applies to SEC555 students using the wiki on the course-provided student virtual machine. To enable automatic wiki/lab updating, run the following command:
sudo crontab -e
Then uncomment the cron job for either the 9 AM automatic update or the update after reboot (or both):
# Uncomment the below entry to automatically update the SEC555
# wiki. The default check occurs at 9 AM but can be changed.
#0 9 * * * /bin/bash /opt/wikiup.sh
# Uncomment the below entry to automatically update the SEC555
# wiki after each reboot.
#@reboot /bin/bash /opt/wikiup.sh
When finished, the cron entries should look similar to this:
# Uncomment the below entry to automatically update the SEC555
# wiki. The default check occurs at 9 AM but can be changed.
0 9 * * * /bin/bash /opt/wikiup.sh
# Uncomment the below entry to automatically update the SEC555
# wiki after each reboot.
@reboot /bin/bash /opt/wikiup.sh
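As an added example (not part of the wiki or its update scripts), the POSIX shell helper below uncomments the two wikiup entries in a crontab read from stdin, repairing a missing leading slash on the reboot entry if one is present, and refuses to install them with `sudo crontab -` unless /opt/wikiup.sh is root-owned and not group/world-writable, since root's crontab will run that script unattended. The names `WIKIUP_SCRIPT`, `enable_wikiup_entries` and `script_is_safe` are chosen here and are not from the course VM.

```shell
#!/bin/sh
# Added example, not the SEC555 wiki's own tooling.
WIKIUP_SCRIPT="${WIKIUP_SCRIPT:-/opt/wikiup.sh}"

# Read a crontab on stdin and print it with the two wikiup entries enabled.
# Only lines that reference /opt/wikiup.sh are touched; the explanatory
# "# Uncomment ..." lines stay as they are. Running it twice gives the same
# output, so it is safe to re-run.
enable_wikiup_entries() {
    sed -e 's|^#\([0-9*].*/opt/wikiup\.sh\)|\1|' \
        -e 's|^#\(@reboot.*/opt/wikiup\.sh\)|\1|' \
        -e 's|^\(@reboot\) bin/bash|\1 /bin/bash|'
}

# Return 0 if the script is acceptable for root's crontab to run unattended:
# it exists, is owned by uid 0, and is not writable by group or other.
script_is_safe() {
    f="$1"
    [ -f "$f" ] || return 1
    # GNU stat first, BSD stat as a fallback
    owner=$(stat -c '%u' "$f" 2>/dev/null || stat -f '%u' "$f")
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    [ "$owner" = "0" ] || return 1
    # the last two octal digits are group and other; the write bit is 2
    g=$(( (mode / 10) % 10 ))
    o=$(( mode % 10 ))
    [ $(( g & 2 )) -eq 0 ] && [ $(( o & 2 )) -eq 0 ]
}

# Only modify root's crontab when explicitly asked to ("install" argument).
if [ "${1:-}" = "install" ]; then
    script_is_safe "$WIKIUP_SCRIPT" || {
        echo "refusing: $WIKIUP_SCRIPT must be root-owned and not group/world-writable" >&2
        exit 1
    }
    sudo crontab -l | enable_wikiup_entries | sudo crontab -
fi
```

Run it as `sh enable_wikiup.sh install` on the student VM; without the argument it only defines the functions, which is what the check below relies on.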
Please let us know if you find any bugs in the courseware/labs/wiki we need to squash. Also, reach out if you have suggestions to improve the course (e.g. content/labs/tools that should be added, removed, or updated). The easiest way to submit these improvements is by sending an email to justin@hasecuritysolutions.com
Join the 555 alumni Slack channel: