Description
Detection Engineering Masterclass: Part 1. Overview of the two-part course This course first teaches the theory of security operations and detection engineering. Then we’ll start building our home lab using VirtualBox and Elastic’s security offering. We then run three different attack scenarios, each more complex than the previous one. We detect our attacks and learn how to document our detections. Next, we’ll dive into coding and Python by writing validation scripts and learning to interact with Elastic through their API. Wrapping things up, we host all of our detections on GitHub and sync with Elastic through our GitHub Action automations. As a cherry on top, we’ll have a final section on how to write scripts to collect important metrics and visualizations. This course introduces students to AZ in the life cycle of diagnostic engineering and the technical implementation of diagnostic engineering architecture. While this course is marketed as entry level, any prerequisite knowledge will help with the course’s learning curve. Familiarity with security operations, search logs, security analysis, or any related skill set would be helpful (but not required). Part 1 Overview: This is the first part of a two-part series on diagnostic engineering! This course is designed for beginning anyone interested in security analysis, diagnostic engineering, and security architecture.
The first part is the meat of this course, in which we will examine:
- Diagnostic engineering theory
- Setting up our lab
- Working with our Logging and SIEM
- Execution of attack scenarios to generate logs and generate alerts
- Learn how to use Atomic Red Team for testing
The second part will cover detection as code philosophies, which will be very Python and GitHub heavy (but don’t worry! I’ll walk you through everything step by step.)
At the end of this two-part course, you will have a complete diagnostic engineering architecture. You will be able to:
- Run invasive tests
- Review reports
- Create an alert
- Save alerts using a standard template
- Apply template data through code
- Programmatically push alerts to SIEM
- Run periodic benchmarks from diagnostic data
The entire course takes about 11 hours, but should take 20-40 hours to complete. If you want to skip the Python heavy parts, all the code written in the course is available on GitHub.
Requirements: Ability to run 2-3 virtual machines on a local machine:
- Ubuntu Linux
- ParrotOS
- Windows 11
Minimum requirements
- CPU cores: 4
- RAM: 8 GB
- Hard disk space: 50 GB
Recommended requirements
- CPU cores: 6+
- RAM: 16GB+
- Hard disk space: 50 GB +
- Technically you can get by with just a few cores and 8GB of RAM on the main host, but any extra resources that can be allocated to your VMs will make the process smoother.
What you will learn in Detection Engineering Masterclass: Part 1
-
Understand the types of security functions
-
Enable advanced reporting and SIEM functionality
-
Ability to set up and create your own diagnostics in a SIEM
-
Learn how to run attacks through the Atomic Red team
This course is suitable for people who
- Security analysts
- Incident responders
- Diagnostic engineers
- Cyber security college students
Details of the course Detection Engineering Masterclass: Part 1
- Publisher: Udemy
- teacher: Anthony Isherwood
- Training level: beginner to advanced
- Training duration: 5 hours and 54 minutes
- Number of courses: 48
Course headings
The prerequisites of the course Detection Engineering Masterclass: Part 1
- Basic understanding of cyber security concepts
- A computer that can host a couple of VMs
Course images
Sample video of the course
Installation guide
After Extract, view with your favorite Player.
Subtitle: None
Quality: 720p
download link
File(s) password: www.downloadly.ir
Size
2.6 GB
Be the first to comment