Summary of "you NEED this cyber security project on your resume"
Main Ideas and Concepts
The video presents a hands-on tutorial for building a Security Operations Center (SOC) by deploying a Security Information and Event Management (SIEM) system using Azure. The objective is to enhance one's resume with practical cybersecurity experience by creating a personal lab environment that monitors security events.
Key Steps and Methodology
- Setting Up Azure Account:
  - Sign up for a free Azure trial to get $200 in credits.
  - Provide personal information to create an account.
- Creating a Virtual Machine (VM):
  - Set up a new Azure Virtual Machine with a preset configuration.
  - Create a Resource Group to house all components.
  - Choose Windows Pro as the operating system.
  - Configure RDP (Remote Desktop Protocol) access for monitoring security events.
- Deploying Microsoft Sentinel:
  - Search for and create Microsoft Sentinel within the Azure portal.
  - Add Sentinel to the Log Analytics workspace, which will handle data collection.
- Connecting the VM to Sentinel:
  - Set up data connectors to pull event logs from the VM to the Log Analytics workspace.
  - Install the Azure Monitor Agent for log ingestion.
- Creating Data Collection Rules:
  - Define rules to collect Windows security events, focusing on successful RDP sign-ins.
  - Specify parameters to filter out system account logins and generate alerts for user logins.
- Testing and Monitoring:
  - Validate the setup by signing into the VM and checking if alerts are generated in Sentinel.
  - Review incidents created by the configured rules.
- Future Enhancements:
  - The video mentions the potential for expanding the project, such as integrating a threat intelligence feed via API calls.
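The rule described under "Creating Data Collection Rules" could be expressed as the following Sentinel query. This is an added example, not the query shown in the video. It assumes the Windows security events land in the SecurityEvent table of the Log Analytics workspace, and it identifies successful RDP sign-ins as event ID 4624 with logon type 10; the exclusion list and the one-hour window are also assumptions.

```kql
// Added example: successful RDP sign-ins by user accounts.
// Assumption: events are ingested into the SecurityEvent table.
// Assumption: this exclusion list covers the system identities to ignore.
let SystemAccounts = dynamic(["SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "ANONYMOUS LOGON"]);
SecurityEvent
| where TimeGenerated > ago(1h)                 // assumed look-back window
| where EventID == 4624                         // successful logon
| where LogonType == 10                         // RemoteInteractive, i.e. RDP
| where AccountType == "User"                   // drop machine accounts
| where TargetUserName !in~ (SystemAccounts)    // drop built-in service identities
| where TargetUserName !startswith "DWM-"       // drop window-manager accounts
    and TargetUserName !startswith "UMFD-"      // drop font-driver host accounts
| summarize SignIns   = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
    by Computer, Account, IpAddress             // one row per host, user and source address
| order by LastSeen desc
```

Signing in to the VM over RDP, as in the testing step, should produce a row for the account used, with the source address in IpAddress.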
Conclusion
The project serves as a practical introduction to cybersecurity operations, allowing participants to gain hands-on experience with Azure and SIEM tools. This experience can significantly enhance a resume, making candidates more attractive to hiring managers in the cybersecurity field.
Featured Speakers/Sources
- The speaker remains anonymous, referred to as "Mad Hat."
Category
Educational