Overview:

Not every attack is the same, which is why Elastic Endpoint Security gives you detailed explanations for each type of threat and the capability to respond accordingly. This instructor-led course focuses on endpoint detection and response workflows. You will learn how to use alert management tools to respond to malicious actions as well as how to hunt for advanced adversary tradecraft. After completing this course, you will be able to triage and respond to advanced threats, as well as hunt them down in your environment.

Duration: 32 hours

• Classroom - 2 days | 8 hours per day
• Virtual - 4 Days | 4 hours per day

Intended Audience:

Security analysts who are responsible for hunting and alert triage

Prerequisites:

• Familiarity with Linux and Windows operating system
• Basic understanding of cyber security concepts and terms

Requirements

• Mac, Linux, or Windows
• Stable internet connection (virtual classroom)
• Latest version of Chrome or Firefox (other browsers not supported)
• Disable any ad blockers and restart your browser before class

Course outlines:

All lessons include hands-on components.

1.      Triage, tune, and investigate

Understand alert management and whitelisting techniques. Leverage Artemis — the Elastic Endpoint Security intelligent assistant — to make your job easier. Learn response actions for eradicating malicious behavior. Explore IOC search using Endpoint Security.

2.       Hunt

Learn how to identify outliers in an environment. Explore advanced tradecraft analytics and how to enumerate malicious activity. Use Artemis and Event Query Language (EQL) to search for and identify “living off the land” techniques as well as advanced adversary tradecraft. Leverage the API for extensibility of the platform and customization of data collection. Utilize the Endpoint Security Shell — a custom python tool built to utilize the API and provide cutting-edge forensic capabilities