Detection Engineering Masterclass: Part 2
Detection Engineering Zero to Hero
Lectures: 33
Duration: 5 hours
Course Description
Welcome to the Detection Engineering Masterclass: Part 2!
Don't Purchase if you haven't gone through Part 1!
Two-Part Course Overview
This course will first teach the theory behind security operations and detection engineering. We’ll then build out our home lab using VirtualBox and Elastic’s security offering. Then we’ll run through three different attack scenarios, each more complex than the one before. We’ll write detections for our attacks and learn how to document them. Next we’ll dive deeper into coding and Python by writing validation scripts and learning how to interact with Elastic through its API. To wrap everything up, we’ll host all our detections on GitHub and sync them to Elastic through our own GitHub Action automations. As a cherry on top, a final section shows how to write scripts that gather important metrics and visualizations.
This course takes students from A-Z on the detection engineering lifecycle and technical implementation of a detection engineering architecture.
While this course is marketed as entry level, any prior knowledge will flatten the course's learning curve. Familiarity with security operations, searching logs, security analysis, or any related skill set will be helpful (but ultimately not required).
Part Two Overview
This is part two of a two-part series on Detection Engineering! This course is meant to kickstart anyone interested in security analysis, detection engineering, and security architecture.
The first part is the meat of the course, where we will go over:
Detection Engineering Theory
Setting Up our Lab
Working with Logging and our SIEM
Running Attack Scenarios to generate logs and create alerts
Using Atomic Red Team for testing
The second part deals with detection as code philosophies, which will be very Python and GitHub heavy (but don't worry! I'll walk you through everything step by step.)
By the end of this two-part course, you'll have a full-stack detection engineering architecture. You'll be able to:
Run offensive tests
Review the logs
Make alerts
Save alerts using a standardized template
Enforce template data through code
Programmatically push the alerts to the SIEM
Run periodic metrics off the detection data
The entire course runs about 11 hours in length, but should take 20-40 hours to complete fully. All code written will be available on the course GitHub in case you'd like to skip the Python-heavy sections.
Thanks for stopping by!
Prerequisites
Requirements
The ability to run 2-3 VMs on a local machine:
Ubuntu Linux
ParrotOS
Windows 11
Minimum Requirements
CPU Cores: 4
RAM: 8 GB
Hard Drive Space: 50 GB
Recommended Requirements
CPU Cores: 6+
RAM: 16 GB+
Hard Drive Space: 50 GB+
You can technically get by with a host that only meets the minimum above (a few cores and 8 GB of RAM), but any additional resources you can assign to your VMs will make the process smoother. The VM hosting Elastic is the hungriest of the three (Elasticsearch runs on the JVM and reserves its heap up front), so give it the largest share of memory.
Curriculum
Check out the detailed breakdown of what’s inside the course
TOML
12 Lectures
- TOML Overview 06:20
- Setting up a Development Environment 04:01
- Reviewing Elastic Rule TOML 04:32
- Working with the Elastic Detection Rules Repo 07:58
- Validating TOML Syntax Using Taplo 06:28
- Creating an Elastic TOML Template 08:40
- Enforcing TOML Required Fields 17:48
- Working with Multiple TOML Files 10:41
- Creating a MITRE Object in Python 28:07
- Validating MITRE Data in our TOML - Part 1 14:39
- Validating MITRE Data in our TOML - Part 2 14:39
- Converting and Validating Our Detections 06:59
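The detection-as-code steps this course lists (save alerts in a standardized template, enforce the template through code, validate the MITRE data, convert the detection for the SIEM) in one runnable script. This is an added example, not the course's code and not Elastic's: the TOML layout mirrors Elastic's detection-rules repo, the severity-to-risk-score bands are that repo's convention, the ATT&CK tactic table is a small offline subset, both sample rules (rule_id, query and all) are constructed, and the field set returned by to_api_payload is an assumption about the create-rule endpoint to check against your Kibana version. The tomli fallback only matters on interpreters older than Python 3.11.

```python
"""Added example (not course or Elastic code): validate a detection-rule TOML
and build the request body for Elastic's create-rule API."""
import json
import re

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover - older interpreters
    import tomli as tomllib  # type: ignore

# Required [rule] keys and the Python types they must parse to.
REQUIRED_FIELDS = {
    "name": str, "description": str, "risk_score": int, "severity": str,
    "type": str, "rule_id": str, "query": str, "language": str, "index": list,
}
# Risk-score band per severity (convention used by Elastic's detection-rules repo).
SEVERITY_BANDS = {"low": (1, 21), "medium": (22, 47),
                  "high": (48, 73), "critical": (74, 100)}
# Small embedded subset of ATT&CK tactics so the check runs offline.
TACTICS = {"TA0001": "Initial Access", "TA0002": "Execution",
           "TA0003": "Persistence", "TA0004": "Privilege Escalation",
           "TA0005": "Defense Evasion"}
UUID_RE = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$")
TACTIC_RE = re.compile(r"^TA\d{4}$")
TECHNIQUE_RE = re.compile(r"^T\d{4}$")
SUBTECHNIQUE_RE = re.compile(r"^T\d{4}\.\d{3}$")
# Keys assumed to be accepted by POST /api/detection_engine/rules.
API_FIELDS = ("name", "description", "risk_score", "severity", "type",
              "query", "language", "index", "rule_id", "threat", "author")

# Constructed sample rule in the layout of Elastic's detection-rules repo.
SAMPLE_RULE_TOML = '''
[metadata]
creation_date = "2024/01/01"

[rule]
author = ["home lab"]
name = "Suspicious Encoded PowerShell Command"
description = "Detects powershell.exe launched with an encoded command."
risk_score = 47
severity = "medium"
type = "query"
language = "kuery"
index = ["logs-windows.*"]
rule_id = "6b8f6b0d-1d1a-4a4e-9f1c-0c5c2b4e9a01"
query = 'process.name : "powershell.exe" and process.args : ("-enc" or "-EncodedCommand")'

[[rule.threat]]
framework = "MITRE ATT&CK"
[rule.threat.tactic]
id = "TA0002"
name = "Execution"
reference = "https://attack.mitre.org/tactics/TA0002/"
[[rule.threat.technique]]
id = "T1059"
name = "Command and Scripting Interpreter"
reference = "https://attack.mitre.org/techniques/T1059/"
[[rule.threat.technique.subtechnique]]
id = "T1059.001"
name = "PowerShell"
reference = "https://attack.mitre.org/techniques/T1059/001/"
'''

# Constructed rule with deliberate template and MITRE mistakes.
BROKEN_RULE_TOML = '''
[rule]
name = "Broken Rule"
risk_score = 90
severity = "medium"
type = "query"
language = "kuery"
index = ["logs-windows.*"]
rule_id = "not-a-uuid"
query = 'event.code : "4688"'

[[rule.threat]]
framework = "MITRE ATT&CK"
[rule.threat.tactic]
id = "TA0002"
name = "Persistence"
reference = "https://attack.mitre.org/tactics/TA0002/"
[[rule.threat.technique]]
id = "T1059"
name = "Command and Scripting Interpreter"
reference = "https://attack.mitre.org/techniques/T1059/"
[[rule.threat.technique.subtechnique]]
id = "T1003.001"
name = "LSASS Memory"
reference = "https://attack.mitre.org/techniques/T1003/001/"
'''


def parse_rule(text):
    """Parse rule TOML and return the [rule] table ([metadata] is ignored here)."""
    doc = tomllib.loads(text)
    if "rule" not in doc:
        raise ValueError("missing [rule] table")
    return doc["rule"]


def validate_fields(rule):
    """Enforce the template: required keys, types, severity band, UUID rule_id."""
    errors = []
    for key, typ in REQUIRED_FIELDS.items():
        if key not in rule:
            errors.append(f"missing required field: {key}")
        elif not isinstance(rule[key], typ):
            errors.append(f"field {key} must be {typ.__name__}")
    sev, score = rule.get("severity"), rule.get("risk_score")
    if sev not in SEVERITY_BANDS:
        errors.append(f"severity must be one of {sorted(SEVERITY_BANDS)}")
    elif isinstance(score, int):
        lo, hi = SEVERITY_BANDS[sev]
        if not lo <= score <= hi:
            errors.append(f"risk_score {score} outside {sev} band {lo}-{hi}")
    rid = rule.get("rule_id")
    if isinstance(rid, str) and not UUID_RE.match(rid):
        errors.append("rule_id is not a lowercase UUID")
    return errors


def validate_threat(rule):
    """Check each [[rule.threat]] entry: ids, tactic names, reference URLs, nesting."""
    errors = []
    for i, threat in enumerate(rule.get("threat", [])):
        where = f"threat[{i}]"
        if threat.get("framework") != "MITRE ATT&CK":
            errors.append(f"{where}: framework must be 'MITRE ATT&CK'")
        tactic = threat.get("tactic", {})
        tid = tactic.get("id", "")
        if not TACTIC_RE.match(tid):
            errors.append(f"{where}: bad tactic id {tid!r}")
        elif tid in TACTICS and tactic.get("name") != TACTICS[tid]:
            errors.append(f"{where}: tactic {tid} is {TACTICS[tid]!r}, not {tactic.get('name')!r}")
        if tactic.get("reference") != f"https://attack.mitre.org/tactics/{tid}/":
            errors.append(f"{where}: tactic reference does not match {tid}")
        for tech in threat.get("technique", []):
            tech_id = tech.get("id", "")
            if not TECHNIQUE_RE.match(tech_id):
                errors.append(f"{where}: bad technique id {tech_id!r}")
            if tech.get("reference") != f"https://attack.mitre.org/techniques/{tech_id}/":
                errors.append(f"{where}: technique reference does not match {tech_id}")
            for sub in tech.get("subtechnique", []):
                sub_id = sub.get("id", "")
                if not SUBTECHNIQUE_RE.match(sub_id) or not sub_id.startswith(tech_id + "."):
                    errors.append(f"{where}: sub-technique {sub_id!r} does not belong to {tech_id}")
                expected = f"https://attack.mitre.org/techniques/{sub_id.replace('.', '/')}/"
                if sub.get("reference") != expected:
                    errors.append(f"{where}: sub-technique reference does not match {sub_id}")
    return errors


def validate_rule(rule):
    return validate_fields(rule) + validate_threat(rule)


def to_api_payload(rule):
    """Convert a validated rule into the create-rule request body (field names assumed)."""
    errors = validate_rule(rule)
    if errors:
        raise ValueError("; ".join(errors))
    return {k: rule[k] for k in API_FIELDS if k in rule}


if __name__ == "__main__":
    print(json.dumps(to_api_payload(parse_rule(SAMPLE_RULE_TOML)), indent=2))
    for err in validate_rule(parse_rule(BROKEN_RULE_TOML)):
        print("BROKEN:", err)
```

Run the validator over every rule file before the push step, and have the GitHub Action fail the build on a non-empty error list; the payload from to_api_payload is what you would json-encode into the request body, with a `kbn-xsrf` header and your API key added by the caller.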
Elastic API
7 Lectures
GitHub
7 Lectures
Metrics
6 Lectures
Conclusion
1 Lecture
Instructor Details
Anthony Isherwood