Detection Engineering Masterclass: Part 1
Detection Engineering Masterclass: Part 1, available at $84.99, has an average rating of 4.5, with 48 lectures, based on 72 reviews, and has 568 subscribers.
You will learn about Understand a variety of security functions Setup enhanced logging and SIEM functionality Ability to trigger and create your own detections in a SIEM Learn how to run attacks via Atomic Red Team This course is ideal for individuals who are security analysts or incident responders or detection engineers or cyber security college students It is particularly useful for security analysts or incident responders or detection engineers or cyber security college students.
Enroll now: Detection Engineering Masterclass: Part 1
Summary
Title: Detection Engineering Masterclass: Part 1
Price: $84.99
Average Rating: 4.5
Number of Lectures: 48
Number of Published Lectures: 48
Number of Curriculum Items: 48
Number of Published Curriculum Objects: 48
Original Price: $39.99
Quality Status: approved
Status: Live
What You Will Learn
- Understand a variety of security functions
- Setup enhanced logging and SIEM functionality
- Ability to trigger and create your own detections in a SIEM
- Learn how to run attacks via Atomic Red Team
Who Should Attend
- security analysts
- incident responders
- detection engineers
- cyber security college students
Target Audiences
- security analysts
- incident responders
- detection engineers
- cyber security college students
Welcome to the Detection Engineering Masterclass: Part 1!
Two Part Course Overview
This course will first teach the theory behind security operations and detection engineering. We’ll then start building out our home lab using VirtualBox and Elastic’s security offering. Then we’ll run through three different attack scenarios, each more complex than the one prior. We’ll make detections off of our attacks, and learn how to document our detections. Next we’ll dive more into coding and Python by writing validation scripts and learning out to interact with Elastic through their API. Wrapping everything up, we’ll host all our detections on GitHub and sync with Elastic through our own GitHub Action automations. As a cherry on top, we’ll have a final section on how to write scripts to gather important metrics and visualizations.
This course takes students from A-Z on the detection engineering lifecycle and technical implementation of a detection engineering architecture.
While this course is marketed as entry level, any prerequisite knowledge will help in the courses learning curve. Familiarity with security operations, searching logs, security analysis, or any related skillset will be helpful (but ultimately not required).
Part One Overview
This is part one of a two part series on Detection Engineering! This course is meant to kickstart anyone interested in security analysis, detection engineering, and security architecture.
The first part is the meat of the course, where we will go over:
-
Detection Engineering Theory
-
Setting Up our Lab
-
Working with Logging and our SIEM
-
Running Attack Scenarios to generate logs and create alerts
-
Learn how to use Atomic Red Team for testing
The second part deals with detection as code philosophies, which will be very Python and GitHub heavy (but don’t worry! I’ll walk you through everything step by step.)
By the end of this two part course, you’ll have a full stack detection engineering architecture. You’ll be able to:
-
Run offensive tests
-
Review the logs
-
Make alerts
-
Save alerts using a standardized template
-
Enforce template data through code
-
Programmatically push the alerts to the SIEM
-
Run periodic metrics off the detection data
The entire course runs ~11 or so hours in length, but should take ~20-40 hours to complete fully. All code written will be available on the course GitHub in case you’d like to skip the Python heavy sections.
Requirements
The ability to run 2-3 VMs on a local machine:
-
Ubuntu Linux
-
ParrotOS
-
Windows 11
Minimum Requirements
CPU Cores: 4
RAM: 8gb
Hard Drive Space: 50GB
Recommended Requirements
CPU Cores: 6+
RAM: 16GB+
Hard Drive Space: 50GB+
You can technically get by with the main host having only a couple cores and 8 gigs of RAM, but any additional resources that can be assigned to your VMs will make the process smoother.
Thanks for stopping by!
Course Curriculum
Chapter 1: Introduction
Lecture 1: Introduction
Chapter 2: Theory
Lecture 1: Security Operations
Lecture 2: Role Variety
Lecture 3: Security Incident and Event Management
Lecture 4: The Detection Engineering Workflow
Lecture 5: What Makes a Good Detection
Lecture 6: Technology Stack for Detection Engineering
Lecture 7: MITRE ATT&CK Framework
Lecture 8: Navigating the ATT&CK Matrix
Chapter 3: Lab Setup
Lecture 1: Lab Overview
Lecture 2: File Downloads
Lecture 3: Importing ParrotOS into VirtualBox
Lecture 4: Importing Windows 11 into VirtualBox
Lecture 5: Ubuntu VirtualBox Installation
Lecture 6: Creating a VM Snapshot
Lecture 7: Disabling Windows Defender
Lecture 8: Installing Zeek
Chapter 4: Elastic
Lecture 1: Elastic Overview
Lecture 2: Signing Up for Elastic Trial
Lecture 3: Trial Extending and New Trials
Lecture 4: Elastic Agent Installation
Lecture 5: Confirming Zeek Logging with NMAP
Lecture 6: Testing Windows Elastic Agent Logging with EICAR File
Lecture 7: Sysmon Overview
Lecture 8: Installing and Configuring Sysmon
Lecture 9: Testing Sysmon Logging with EICAR File and PowerShell
Lecture 10: Improving our PowerShell Visibility
Chapter 5: Attack Scenario 1
Lecture 1: Attack Overview
Lecture 2: Setting Up the Attack
Lecture 3: Performing the Attack
Lecture 4: Creating our First Query Alert
Lecture 5: Creating our First Threshold Alert
Lecture 6: Alert Confirmation
Chapter 6: Attack Scenario 2
Lecture 1: Attack Overview
Lecture 2: Creating and Executing our Attack – Part 1
Lecture 3: Creating and Executing our Attack – Part 2
Lecture 4: Reviewing the Attack
Lecture 5: Creating Alerts
Lecture 6: Alert Confirmation
Chapter 7: Attack Scenario 3
Lecture 1: Attack Overview
Lecture 2: Staging our Attack
Lecture 3: Creating and Executing our Attack
Lecture 4: Creating our Detections
Lecture 5: Confirming our Detections
Chapter 8: Atomic Red Team
Lecture 1: Atomic Red Team Introduction
Lecture 2: Atomic Red Team Installation
Lecture 3: Running our First Atomic
Lecture 4: Writing our First Atomic
Instructors
-
Anthony Isherwood
Cyber Security Professional by Day, Content Creator by Night
Rating Distribution
- 1 stars: 1 votes
- 2 stars: 0 votes
- 3 stars: 5 votes
- 4 stars: 20 votes
- 5 stars: 46 votes
Frequently Asked Questions
How long do I have access to the course materials?
You can view and review the lecture materials indefinitely, like an on-demand channel.
Can I take my courses with me wherever I go?
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don’t have an internet connection, some instructors also let their students download course lectures. That’s up to the instructor though, so make sure you get on their good side!
You may also like
- Digital Marketing Foundation Course
- Google Shopping Ads Digital Marketing Course
- Multi Cloud Infrastructure for beginners
- Master Lead Generation: Grow Subscribers & Sales with Popups
- Complete Copywriting System : write to sell with ease
- Product Positioning Masterclass: Unlock Market Traction
- How to Promote Your Webinar and Get More Attendees?
- Digital Marketing Courses
- Create music with Artificial Intelligence in this new market
- Create CONVERTING UGC Content So Brands Will Pay You More
- Podcast: The top 8 ways to monetize by Podcasting
- TikTok Marketing Mastery: Learn to Grow & Go Viral
- Free Digital Marketing Basics Course in Hindi
- MailChimp Free Mailing Lists: MailChimp Email Marketing
- Automate Digital Marketing & Social Media with Generative AI
- Google Ads MasterClass – All Advanced Features
- Online Course Creator: Create & Sell Online Courses Today!
- Introduction to SEO – Basic Principles of SEO
- Affiliate Marketing For Beginners: Go From Novice To Pro
- Effective Website Planning Made Simple