5G Security Operations — SOC for 5G Core Networks · Pro

Lab: Writing a SIEM rule for NRF abuse detection

Lab Scenario: Designing NRF Abuse Detection

You will design a SIEM detection rule for false-NF registration — one of the highest-impact 5G threats. The scenario: your operator has a list of authorized NF instances in the provisioning system; NRF should only accept registrations matching authorized identities. Your task is to build a Sigma-format rule that detects deviations: NF registrations from unauthorized source IPs, with unauthorized NF types, or with certificates not in the authorized CA chain.

Continue reading with Pro

Your free trial has ended. Subscribe to unlock the full lesson plus all 32 advanced levels, 900 lessons, labs, and 17 TELCOMA certification exams.

$19/month or $199/year·7-day money-back guarantee·Cancel anytime