Thursday, February 22, 2018

This is one of the reasons I love my work

For the last year, I have been developing Cyber Training classes. One of them was "Cyber Programmer", for which I have joined forces with Tsofen (an Israeli NGO working to bring Arab manpower into the high-tech industry) and IITC (Israeli Institute of Technology and Communication).
In this class we have taken graduates in the IT and systems arena, giving them some Cyber awareness as well as basic pen testing and forensics skills and know-how, as well as Java and Python coding.
As a project I have asked them to build a SIEM system that will monitor Windows and Linux clients, will collect logs and push them securely to the server.
The server, in turn, will parse the logs, identify events and list them into a DB that will be shown on a web interface. This is what I had in mind.

The team have excelled and have done amazing things within a time frame of only two months. They have written the product description and the design documents for each component of the system. Then they have started to code. The core of the product, the push agent and the server, is Java based. The agent pulls the logs every 3 min (both OS and Snort IDS) and sends them over SFTP to the server. At the server, some Python scripts parse the logs, identify the cyber-attacks and list the outputs in a MySQL server, which in turn makes them available for the web server to display. This is what it looks like.
They did capture my vision.
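
The server-side step described above (Python parsing the collected logs and listing events in a database), as an added example that is not the students' code. It assumes Snort's fast-alert line format and uses the standard library's sqlite3 in place of MySQL so it runs offline; the sample log lines, table and function names are constructed for illustration.

```python
import re
import sqlite3

# Snort "fast" alert line: timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, source -> destination.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample input: three alerts and one truncated line.
SAMPLE_LOG = """\
02/22-10:15:32.123456  [**] [1:1000001:1] SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.50:44321 -> 192.0.2.10:22
02/22-10:15:40.000100  [**] [1:1000002:2] ICMP ping sweep [**] [Priority: 3] {ICMP} 192.0.2.51 -> 192.0.2.10
02/22-10:16:01.500000  [**] [1:1000003:1] HTTP URI contains ' OR '1'='1 [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:51000 -> 192.0.2.10:80
02/22-10:16:05.000000  [**] [1:1000004:1] truncated during upl
"""

def parse_alert(line):
    """Return a dict for one alert line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["sid"], ev["prio"] = int(ev["sid"]), int(ev["prio"])
    return ev

def ingest(conn, lines):
    """Store parsed alerts; return (stored, rejected) counts."""
    conn.execute("CREATE TABLE IF NOT EXISTS events (ts TEXT, sid INTEGER, "
                 "msg TEXT, prio INTEGER, proto TEXT, src TEXT, dst TEXT)")
    stored = rejected = 0
    for line in filter(str.strip, lines):
        ev = parse_alert(line)
        if ev is None:
            rejected += 1  # count it, so silent log loss is visible
            continue
        # Log text is attacker-influenced: bind values, never format SQL.
        conn.execute("INSERT INTO events VALUES (?,?,?,?,?,?,?)",
                     (ev["ts"], ev["sid"], ev["msg"], ev["prio"],
                      ev["proto"], ev["src"], ev["dst"]))
        stored += 1
    conn.commit()
    return stored, rejected

def high_priority(conn):
    """Priority-1 events, oldest first, for the web view."""
    return conn.execute("SELECT ts, sid, msg, src, dst FROM events "
                        "WHERE prio = 1 ORDER BY ts").fetchall()
```
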

It was an amazing journey nursing those kids (since they are half of my age I can call them kids), seeing a group of individuals working together, handling all roles in the development cycle: Product management, System Architects, Researchers, Developers, QA, and integration. They also did a fabulous job as Presales when they demonstrated the system's capabilities.

Wednesday, February 7, 2018

My students have built SIEM

Some three months back I formed a new course, known by the name "Cyber Developer". I have set sail for this project with Tsofen, an Israeli NGO that is working to elevate young Israeli Arabs, assisting them to find their first job in the growing high-tech industry. I was responsible for the cyber aspects of the training as well as defining the content of the project which the students are going to struggle with.

Taking the role of a potential customer I have asked them to develop for me a system that will work like a SIEM.
Divided into workgroups, the students have practiced all roles that are involved in the development cycle. The students have defined all the required components, designed, researched, coded and tested them. The product is going to be revealed to some industry leaders next week...