Course Outline
Foundations of Detection Engineering
- Core concepts and responsibilities
- The detection engineering lifecycle
- Key tools and telemetry sources
Understanding Log Sources
- Endpoint logs and event artifacts
- Network traffic and flow data
- Cloud and identity provider logs
Threat Intelligence for Detection
- Types of threat intelligence
- Using TI to inform detection design
- Mapping threats to relevant log sources
Building Effective Detection Rules
- Rule logic and pattern structures
- Detecting behavioral vs signature-based activity
- Using Sigma, Elastic, and SO rules
Alert Tuning and Optimization
- Minimizing false positives
- Iterative rule refinement
- Understanding alert context and thresholds
Investigation Techniques
- Validating detections
- Pivoting across data sources
- Documenting findings and investigation notes
Operationalizing Detections
- Versioning and change management
- Deploying rules to production systems
- Monitoring rule performance over time
Advanced Concepts for Junior Engineers
- MITRE ATT&CK alignment
- Data normalization and parsing
- Automation opportunities in detection workflows
Summary and Next Steps
Requirements
- An understanding of basic networking concepts
- Experience using operating systems such as Windows or Linux
- Familiarity with fundamental cybersecurity terminology
Audience
- Junior analysts interested in security monitoring
- New SOC team members
- IT professionals moving into detection engineering
21 Hours
Testimonials (2)
The trainer was very knowledgeable and took time to give a very good insight into cyber security issues. A lot of these examples could be used or modified for our learners and create some very engaging lesson activities.
Jenna - Merthyr College
Course - Fundamentals of Corporate Cyber Warfare
All is excellent