TCM Security - Detection Engineering for Beginners - 2024

EcourseAcademy


This course teaches the theory behind security operations and detection engineering. We'll then start building out our home lab using VirtualBox and Elastic's security offering. Then we'll run through three different attack scenarios, each more complex than the one prior. We'll make detections off of our attacks, and learn how to document our detections. Next we'll dive more into coding and Python by writing validation scripts and learning how to interact with Elastic through their API. Wrapping everything up, we'll host all our detections on GitHub and sync with Elastic through our own GitHub Action automations. As a cherry on top, we'll have a final section on how to write scripts to gather important metrics and visualizations.


This course takes students from A-Z on the detection engineering lifecycle and technical implementation of a detection engineering architecture.


While this course is marketed as entry level, any prerequisite knowledge will help with the course's learning curve. Familiarity with security operations, searching logs, security analysis, or any related skill set will be helpful (but ultimately not required).


System Requirements

The ability to run 2-3 VMs on a local machine:

* Ubuntu Linux

* ParrotOS

* Windows 11


Minimum Requirements:

CPU Cores: 4

RAM: 8GB

Hard Drive Space: 50GB



Recommended Requirements:

CPU Cores: 6+

RAM: 16GB+

Hard Drive Space: 50GB+



You can technically get by with the main host having only a couple cores and 8 gigs of RAM, but any additional resources that can be assigned to your VMs will make the process smoother.

Detection Engineering Course Objectives

How to Generate Logs
  • Understand the various log generating systems that Detection Engineers can use.
  • Learn how to create ad-hoc offensive tests to generate logs for detection creation.
  • Learn how to work within a testing framework to generate logs for detection creation.
Document and Validate Detections
  • Understand how to properly document your detections.
  • Learn how to write your own code to validate your detection documents.
Use Code to Manipulate Data
  • Learn how to use Python to interact with a SIEM's API to push and pull detection data.
  • Learn to use GitHub Actions to facilitate all our custom checks and API interactions.
  • Learn how to write your own code to help create detection metrics.


