Detection Engineering Masterclass: Part 1 | Udemy


Detection Engineering Masterclass: Part 1 | Udemy [Update 07/2023]
English | Size: 2.6 GB
Genre: eLearning

Detection Engineering Zero to Hero

What you’ll learn
Understand a variety of security functions
Set up enhanced logging and SIEM functionality
Trigger and create your own detections in a SIEM
Learn how to run attacks via Atomic Red Team

Welcome to the Detection Engineering Masterclass: Part 1!

Two Part Course Overview

This course will first teach the theory behind security operations and detection engineering. We’ll then start building out our home lab using VirtualBox and Elastic’s security offering. Then we’ll run through three different attack scenarios, each more complex than the one prior. We’ll build detections from the logs those attacks generate, and learn how to document our detections. Next we’ll dive more into coding and Python by writing validation scripts and learning how to interact with Elastic through their API. Wrapping everything up, we’ll host all our detections on GitHub and sync them with Elastic through our own GitHub Action automations. As a cherry on top, we’ll have a final section on how to write scripts to gather important metrics and visualizations.

This course takes students from A-Z on the detection engineering lifecycle and technical implementation of a detection engineering architecture.

While this course is marketed as entry level, any prerequisite knowledge will ease the course’s learning curve. Familiarity with security operations, searching logs, security analysis, or any related skillset will be helpful (but ultimately not required).

Part One Overview

This is part one of a two part series on Detection Engineering! This course is meant to kickstart anyone interested in security analysis, detection engineering, and security architecture.

The first part is the meat of the course, where we will go over:

Detection Engineering Theory

Setting Up our Lab

Working with Logging and our SIEM

Running Attack Scenarios to generate logs and create alerts

Learning how to use Atomic Red Team for testing

The second part deals with detection as code philosophies, which will be very Python and GitHub heavy (but don’t worry! I’ll walk you through everything step by step.)

By the end of this two part course, you’ll have a full stack detection engineering architecture. You’ll be able to:

Run offensive tests

Review the logs

Make alerts

Save alerts using a standardized template

Enforce template data through code

Programmatically push the alerts to the SIEM

Run periodic metrics off the detection data

The entire course runs ~11 hours in length, but should take ~20-40 hours to complete fully. All code written will be available on the course GitHub in case you’d like to skip the Python-heavy sections.

Requirements

The ability to run 2-3 VMs on a local machine:

Ubuntu Linux

ParrotOS

Windows 11

Minimum Requirements

CPU Cores: 4

RAM: 8 GB

Hard Drive Space: 50 GB

Recommended Requirements

CPU Cores: 6+

RAM: 16 GB+

Hard Drive Space: 50 GB+

You can technically get by with the main host having only a couple of cores and 8 GB of RAM, but any additional resources that can be assigned to your VMs will make the process smoother.

Thanks for stopping by!

Who this course is for:
security analysts
incident responders
detection engineers
cyber security college students

DOWNLOAD FROM RAPIDGATOR

rapidgator.net/file/5c2abc2f1f542ede0210ca1048038cfd/UD-DetectionEngineeringMasterclassPart12023-7.part1.rar.html
rapidgator.net/file/a8758f0571de9b50da617eece25ba456/UD-DetectionEngineeringMasterclassPart12023-7.part2.rar.html
rapidgator.net/file/807924911785fed0e62e92773a64f331/UD-DetectionEngineeringMasterclassPart12023-7.part3.rar.html
rapidgator.net/file/126c0611c15ce6d58e9504125e1545ce/UD-DetectionEngineeringMasterclassPart12023-7.part4.rar.html
rapidgator.net/file/c24e56c7fc5aa26141c3a14653b44caa/UD-DetectionEngineeringMasterclassPart12023-7.part5.rar.html
rapidgator.net/file/a6dc8f8e4e0d0ab9f66988d5b2fdf4e8/UD-DetectionEngineeringMasterclassPart12023-7.part6.rar.html
rapidgator.net/file/4068f684461c89c3d436e89caac08cd0/UD-DetectionEngineeringMasterclassPart12023-7.part7.rar.html
rapidgator.net/file/f63fb9953faa72d6f29e8b501989cc94/UD-DetectionEngineeringMasterclassPart12023-7.part8.rar.html

DOWNLOAD FROM TURBOBIT

tbit.to/yvp09lymusu1/UD-DetectionEngineeringMasterclassPart12023-7.part1.rar.html
tbit.to/f840xrhcvsx1/UD-DetectionEngineeringMasterclassPart12023-7.part2.rar.html
tbit.to/j95dnxamx4fn/UD-DetectionEngineeringMasterclassPart12023-7.part3.rar.html
tbit.to/d2gua80x0bvd/UD-DetectionEngineeringMasterclassPart12023-7.part4.rar.html
tbit.to/f9h514u1etxp/UD-DetectionEngineeringMasterclassPart12023-7.part5.rar.html
tbit.to/qkxzggqj8dii/UD-DetectionEngineeringMasterclassPart12023-7.part6.rar.html
tbit.to/zfg5qi6lkp7x/UD-DetectionEngineeringMasterclassPart12023-7.part7.rar.html
tbit.to/vy38yc8e102q/UD-DetectionEngineeringMasterclassPart12023-7.part8.rar.html
