Workshop: SOC Detection Engineering Crash Course with Hayden Covington

Overview
- Course Length: 4 hours
- Support from expert instructors
- Includes a certificate of completion
Detection Engineering can be a minefield of technical and logistical challenges, but in this workshop, you’ll learn the fundamentals within a fully functional SIEM.
From writing custom threat detections using a structured and scientific process to test-firing them yourself, you’ll gain hands-on experience that bridges the gap between theory and practice. By the end of this workshop, you will not only have a strong foundation in detection engineering knowledge but also the practical skills to build effective and high-fidelity detections from the ground up.
Syllabus
- Elasticsearch Basics
- SIEM Detection Engineering Basics
- The Detection Engineering Process
- Testing Threat Detections
- Setting Your Analysts Up for Success
Who Should Take This Workshop?
- SOC engineers, managers, analysts, or those wanting to work in a SOC
- Anyone wanting to learn the basics of how to write threat detections
Prerequisites
Audience Skill Level
Introductory. A basic level of fundamental knowledge is helpful but is not strictly necessary.
System Requirements
- A computer
- Labs will be performed via MetaCTF Cloud Labs
- An email address ready to use to sign up for an Elastic Cloud free trial (one that has not previously been used for an Elastic Cloud trial)
- A MetaCTF account
There are no scheduled live dates for this course at this time.