Detection Engineering can be a minefield of technical and logistical challenges, but in this workshop, you’ll learn the fundamentals within a fully functional SIEM.

From writing custom threat detections using a structured and scientific process to test-firing them yourself, you’ll gain hands-on experience that bridges the gap between theory and practice. By the end of this workshop, you will not only have a strong foundation in detection engineering knowledge but also the practical skills to build effective and high-fidelity detections from the ground up.

Syllabus

Elastic Search Basics
SIEM Detection Engineering Basics
The Detection Engineering Process
Testing Threat Detections
Setting Your Analysts Up for Success

Virtual (July 18th, 2025)

July 18th – 11 AM EST – 4 PM EST

Who Should Take This Workshop? Prerequisites

SOC engineers, managers, analysts, or those wanting to work in a SOC
Anyone wanting to learn the basic of how to write threat detections

Audience Skill Level

Introductory. A basic level of fundamental knowledge is helpful but is not strictly necessary.

System Requirements

A computer
Labs will be performed via MetaCTF Cloud Labs
An email ready to use to sign up for an Elastic Cloud free trial (you can’t have used that email for an Elastic Cloud trial previously)
A MetaCTF account

Live Training

Pay What You Can
Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
Access to course slides for future reference
Tips, tools, and techniques that can be applied immediately upon returning to work
Strengthen your skills by solving challenges within the Antisyphon Cyber Range
Become part of a community driven to educate and share knowledge