Detection Engineering for Beginners

Original price: $50.00. Current price: $10.00.

Price: 10.00 USD | Size: 5.89 GB | Duration: 11.24 Hours | 81 video sessions | Bonus: Detection Engineering PDF Guides

BRAND: Expert TRAINING | ENGLISH | INSTANT DOWNLOAD | ⭐️⭐️⭐️⭐️⭐️ 4.9

Description

Start thinking and working as a Detection Engineer!

Course Overview

Detection Engineering for Beginners teaches core concepts and skills to start thinking and working as a Detection Engineer!

This course first teaches the theory behind security operations and detection engineering. We then build a home lab using VirtualBox and Elastic's security offering. Next we run through three attack scenarios, each more complex than the one before, build detections from the logs those attacks generate, and learn how to document each detection. We then go deeper into coding with Python by writing validation scripts and learning how to interact with Elastic through its API. To tie everything together, we host all our detections on GitHub and sync them with Elastic through our own GitHub Actions automations. As a cherry on top, a final section shows how to write scripts that gather important metrics and produce visualizations.

This course takes students from A-Z on the detection engineering lifecycle and technical implementation of a detection engineering architecture.

While this course is marketed as entry level, any prerequisite knowledge will ease the course's learning curve. Familiarity with security operations, searching logs, security analysis, or any related skillset will be helpful (but is ultimately not required).

Requirements:

The ability to run 2-3 VMs on a local machine:

* Ubuntu Linux

* ParrotOS

* Windows 11

Minimum Requirements:

* CPU Cores: 4
* RAM: 8 GB
* Hard Drive Space: 50 GB

Recommended Requirements:

* CPU Cores: 6+
* RAM: 16 GB+
* Hard Drive Space: 50 GB+

You can technically get by with a host that has only a couple of cores and 8 GB of RAM, but any additional resources you can assign to your VMs will make the process smoother.

Learning Objectives:

* Understanding of Security Operations

* Understanding of the various log generating systems that Detection Engineers can use

* Learn how to create ad-hoc offensive tests to generate logs for detection creation

* Learn how to work within a testing framework to generate logs for detection creation

* Understanding how to properly document your detections

* Learn how to write your own code to validate your detection documents

* Learn how to use Python to interact with a SIEM’s API to push and pull detection data

* Learn to use GitHub Actions to facilitate all our custom checks and API interactions

* Learn how to write your own code to help create detection metrics


Course Curriculum – 11+ Hours

Introduction

* Welcome! (7:00)

Theory

* Security Operations (11:38)
* Role Variety (4:54)
* Security Incident and Event Management (7:27)
* The Detection Engineering Workflow (14:05)
* What Makes a Good Detection (4:18)
* Technology Stack for Detection Engineering (17:05)
* MITRE ATT&CK Framework (4:33)
* Navigating the MITRE ATT&CK Matrix (8:08)

Lab Setup

* Lab Overview (3:13)
* File Downloads (2:31)
* Importing ParrotOS into VirtualBox (4:04)
* Importing Windows 11 into VirtualBox (3:09)
* Ubuntu VirtualBox Installation (5:18)
* Creating a VM Snapshot (2:52)
* Disabling Windows Defender (2:26)
* Installing Zeek (5:42)

Elastic Setup

* Elastic Overview (8:57)
* Signing Up for Elastic Trial (3:12)
* Trial Extending and New Trials (3:55)
* Elastic Agent Installation (6:15)
* Confirming Zeek Logging With NMAP (4:45)
* Testing Windows Elastic Agent Logging with EICAR File and PowerShell (10:44)
* Sysmon Overview (2:07)
* Installing and Configuring Sysmon (4:30)
* Testing Sysmon Logging with EICAR File and PowerShell (6:06)
* Improving Our PowerShell Visibility (4:14)

Attack Scenario 1

* Attack Overview (1:30)
* Setting up the Attack (6:20)
* Performing the Attack (5:01)
* Creating our first Query Alert (12:19)
* Creating our first Threshold Alert (4:56)
* Alert Confirmation (9:15)

Attack Scenario 2

* Overview (1:28)
* Creating and Executing Attack – Part 1 (6:53)
* Creating and Executing Attack – Part 2 (10:51)
* Reviewing the Attack (10:28)
* Creating Alerts (21:02)
* Confirming our Detections (11:35)

Attack Scenario 3

* Overview (3:52)
* Staging our Attack (16:37)
* Creating and Executing our Attack (16:27)
* Creating our Detections (23:31)
* Confirming our Detections (3:42)

Atomic Red Team

* Atomic Red Team Introduction (4:23)
* Installation (2:37)
* Running our First Atomic (12:19)
* Writing our First Atomic (6:35)

TOML

* TOML Overview (6:21)
* Setting up a Development Environment (4:02)
* Reviewing Elastic Rule TOML (4:33)
* Working with the Elastic Detection Rules Repo (7:58)
* Validating TOML Syntax Using Taplo (6:28)
* Creating an Elastic TOML Template (8:40)
* Enforcing TOML Required Fields (17:48)
* Creating a MITRE Object in Python (28:08)
* Working with Multiple TOML Files (10:41)
* Validating MITRE Data in our TOML – Part 1 (14:39)
* Validating MITRE Data in our TOML – Part 2 (14:39)
* Converting and Validating our Detections (6:59)

Elastic API

* Introduction (1:05)
* Obtaining your API Key (1:58)
* Pushing a Sample Rule (7:35)
* Writing a TOML to JSON Script (18:59)
* GET-ing Our First Rule and Managing Rule IDs (8:12)
* Working with our Custom Detections (18:28)
* Updating our Custom Detections (4:18)

GitHub

* Overview (7:46)
* GitHub Actions Introduction (5:24)
* Uploading our Detections and Code (6:14)
* Creating our TOML Validation Action (11:36)
* Enforcing Validation Checks (6:28)
* Syncing with Elastic – Part 1 (7:45)
* Syncing with Elastic – Part 2 (19:03)

Metrics

* Overview (2:02)
* Converting our TOML to CSV (16:47)
* Converting TOML to MD (16:53)
* Converting our TOML to Att&ck Navigator .JSON (14:35)
* Creating our Metrics GitHub Action (17:11)
* Creating Status Badges (2:14)

Conclusion

* Farewell (4:00)
