
Elastic Security for SIEM


This comprehensive course is designed to equip security analysts with the essential skills and knowledge needed to harness the power of Elastic Security for SIEM.

Course summary

This course is built for analysts who use the Elastic Security for SIEM solution. Elastic Security for SIEM takes you through an overview of the Elastic Stack, Fleet, and Elastic Agent. You will then learn how to create visualizations and dashboards and how to use Lens before diving into the Security app. Finally, you will conduct a threat hunting capstone exercise to tie everything together.

Topics

  • Elastic Stack overview
  • ECS
  • Discover
  • Visualizations
  • Dashboards
  • Security App
  • Capstone

ELASTIC SECURITY FOR SIEM

COURSE INFORMATION


Audience

  • Professionals who use Elastic Security as their SIEM.
  • Cybersecurity analysts who are responsible for monitoring and investigating logs in a SOC.

LESSONS

Day 1:

Elastic Stack overview

Identify the various components of the Elastic Stack, as well as how data flows through it. Gain an understanding of the different data sources utilized in security use cases. Recognize the Fleet architecture and how it manages Elastic Agents. Configure an Agent policy, install integrations, and deploy an Elastic Agent.

Elastic Common Schema

Examine the application of the Elastic Common Schema (ECS). Discuss the fundamentals of logging and data structures. Identify how ECS normalizes data.

Day 2:

Security app

Summarize relevant information within the Host, Network, and User pages. Identify how the Detection Engine searches activity and generates alerts. Construct custom detection rules with KQL, EQL, and Lucene. Analyze alerts that are generated from detection rules. Correlate relevant data using Timeline and track security events using Cases. Monitor security-related events with dashboards in the Security solution.

Duration: 24 hours

Language: English

Requirements

  • Stable internet connection
  • Mac, Linux, or Windows
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad blockers and restart your browser before class


Some lessons include a hands-on lab.

Discover

Discuss how Kibana displays data in Discover and customize the Discover interface to search for data. Construct queries using KQL/Lucene to view relevant data.

Visualizations

Interpret data within visualizations. Identify best practices for creating aggregation-based visualizations. Create aggregation-based and Lens visualizations for security use cases. Demonstrate the use of additional features in Lens.

Dashboards

Interpret data using relevant dashboards. Demonstrate best practices for pivoting between apps in Kibana. Identify best practices for creating dashboards. Create dashboards for security use cases.

Day 3:

Hunt capstone

Work through a series of hunt missions designed to gain an understanding of hunt tools and techniques. Learn to choose the right tool for each job, how to know when to dig deeper, response operations, and more before embarking on individual and team hunts.

Hunts include: find the beacons, enemy objectives, applying the kill chain, and full-spectrum adversary detection.

Prerequisites

A basic understanding of:

Networking

  • TCP/IP
  • Common ports and protocols
  • Common networking devices (routers, switches, firewalls)

Common Network Monitoring Tools

  • IDS (Suricata)
  • Zeek
  • Packet capture tools

Operating Systems

  • Windows and Linux
  • File systems and permissions
  • Command line navigation

Vulnerabilities and Exploit Methodology

  • Reconnaissance
  • Command and Control (C2)
  • Data Exfiltration
