Elastic Endpoint Security
Overview:
Elastic Endpoint Security gives you the power to keep your endpoints safe from attack, as well as unparalleled visibility into any threat in your environment. This instructor-led course teaches you how to install, configure, and manage an Elastic Endpoint Security solution. You will learn endpoint detection and response workflows as well as how to hunt using the platform. The coursework culminates with a full-day capture-the-flag exercise in which you will discover and capture flags, simulating tactics from potential malicious activity. After completing this course, you will be able to keep your infrastructure safe from attacks, and have full visibility into how the attacks were initiated so they can be prevented in the future.
Duration: 32 hours
- Classroom - 4 days | 8 hours per day
Intended Audience:
Security analysts who are responsible for implementing an Elastic Endpoint Security solution
Prerequisites:
- Familiarity with Linux and Windows operating systems
- Basic understanding of cyber security concepts and terms
Requirements:
- Mac, Linux, or Windows
- Stable internet connection (virtual classroom)
- Latest version of Chrome or Firefox (other browsers not supported)
- Disable any ad blockers and restart your browser before class
Course outline:
All lessons include hands-on components.
1. Installation, deployment, and protection policies
Install and configure Elastic Endpoint Security. Deploy endpoints throughout your environment. Learn about detection and prevention capabilities. Configure custom policies for detection and prevention.
2. Alert triage and tuning, endpoint detection and response
Understand alert management and whitelisting techniques. Leverage Artemis — the Elastic Endpoint Security intelligent assistant — to make your job easier. Learn response actions for eradicating malicious behavior. Explore IOC search using Endpoint Security.
3. Hunt
Learn how to identify outliers in an environment. Explore advanced tradecraft analytics and how to enumerate malicious activity. Use Artemis and Event Query Language (EQL) to search for and identify “living off the land” techniques as well as advanced adversary tradecraft. Leverage the API for extensibility of the platform and customization of data collection. Utilize the Endpoint Security Shell — a custom Python tool built on the API that provides cutting-edge forensic capabilities.
4. Capture the flag
Leverage training from the previous three days to discover and capture flags, simulating tactics from potential malicious activity.
Study online
Study in Hồ Chí Minh
Study in Hà Nội