SOFTWARE
VIRTUALBOX
We will use VirtualBox to build all the virtual machines. It is available on all platforms. It is easy to install and use, so this guide does not include an installation section. Link to download
On each VM, I recommend installing the VirtualBox Guest Additions.
PFSENSE
pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.
In this lab, we will set up a basic configuration. Link to download
SPLUNK
This software helps capture, index and correlate real-time data in a searchable repository, from which it can generate graphs, reports, alerts, dashboards and visualizations. Link to download
WHY SPLUNK?
For me, it is the easiest SIEM to deploy and maintain.
WINDOWS WORKSTATION
We will use a domain-joined Windows workstation because that is what you will see most of the time.
SYSMON
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. Link to download
CROWDSEC
CrowdSec is an open-source and collaborative IPS (Intrusion Prevention System) and a security suite. Link