Orchestrate Elastic SIEM for training labs

I have a cybersecurity training program that I teach. Currently I teach it live and I use Elastic SIEM. I think it is a great product and not just because of the cost. I deploy Elastic on Docker and have it running for the duration of the class, which is about 3 months.

I would like to set up on-demand labs that students can start and be able to access the SIEM to investigate specific events in the SIEM. I wonder if there is a way to orchestrate this so that they get a very light version that only includes the specific events and does not require the usual amount of system resources. I understand that as part of the flow the log source will have to generate the actual events and send them to Elastic. My goal is to create light, on-demand, automated, scalable, and cloud-based labs.

Is something like this even possible, and if so, how would you go about it? FYI, I do not mind hiring a freelancer (limited budget) if I can find one with the required skills.

Appreciate the help!

Bumping this!

Hi,
If you are still on the lookout to hire someone, I would be glad to help you out, as I am an experienced Elastic consultant.
You can reach out to me on my email here.
Colin
