Configuration Splunk
A separate virtual machine is needed as the SIEM VM in VirtualBox. I used CentOS as the operating system for the SIEM VM. If you use Splunk as your SIEM, Splunk Enterprise needs to be installed as described under the following link:
http://docs.splunk.com/Documentation/Splunk/7.1.0/Installation/Whatsinthismanual
After that, Splunk needs an inputs.conf configuration so that it can receive the logs from the analysis VM:
https://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/Inputsconf
If you or your company do not have an enterprise license for Splunk, you can use the free Splunk license, which has some limitations described under the following link:
https://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/TypesofSplunklicenses
The use cases are triggered using Splunk's REST API. Therefore remote login has to be enabled with the following option in server.conf:

```ini
[general]
allowRemoteLogin = always
```
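The following is an added example (not part of this project's code) showing the REST exchange the setting above enables: log in on the management port, take the session key from the XML response, and dispatch a saved search. It assumes the SIEM host name `siem.example.internal`, that each use case is stored as a Splunk saved search, and that the management port is the default 8089; with `allowRemoteLogin = always` the login also succeeds while the admin account still has its default password, so change that password before exposing the port.

```python
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

MGMT_PORT = 8089  # Splunk management (REST) port, TLS by default


def build_login_request(host, user, password):
    """POST /services/auth/login returns <response><sessionKey>...</sessionKey></response>."""
    url = f"https://{host}:{MGMT_PORT}/services/auth/login"
    body = urllib.parse.urlencode({"username": user, "password": password}).encode()
    return url, body


def parse_session_key(xml_text):
    """Extract the sessionKey element from Splunk's XML login response."""
    key = ET.fromstring(xml_text).findtext("sessionKey")
    if not key:
        raise ValueError("login response contains no sessionKey")
    return key


def build_dispatch_request(host, saved_search, session_key, app="search", owner="nobody"):
    """POST .../saved/searches/<name>/dispatch runs the saved search now.

    trigger_actions=1 also fires the alert actions attached to it, so a use case
    behaves exactly as it would on its own schedule.
    """
    name = urllib.parse.quote(saved_search, safe="")  # spaces etc. must be escaped
    url = f"https://{host}:{MGMT_PORT}/servicesNS/{owner}/{app}/saved/searches/{name}/dispatch"
    headers = {"Authorization": f"Splunk {session_key}"}
    body = urllib.parse.urlencode({"trigger_actions": "1"}).encode()
    return url, headers, body


def post(url, body, headers=None, cafile=None):
    """Send one request. Splunk ships a self-signed certificate, so pass the CA
    file of the certificate you installed instead of disabling verification."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(url, data=body, headers=headers or {}, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Hypothetical host, account and use-case name; replace with your own.
    host, user, pw = "siem.example.internal", "admin", "change-me"
    key = parse_session_key(post(*build_login_request(host, user, pw), cafile="splunk-ca.pem"))
    url, hdrs, body = build_dispatch_request(host, "Use Case 1", key)
    print(post(url, body, hdrs, cafile="splunk-ca.pem"))
```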