Detection Engineering for Beginners teaches core concepts and skills to start thinking and working as a Detection Engineer!
This course will first teach the theory behind security operations and detection engineering. We’ll then build out a home lab using VirtualBox and Elastic’s security offering. Then we’ll run through three different attack scenarios, each more complex than the one before. We’ll write detections for those attacks and learn how to document them. Next we’ll dive deeper into coding and Python by writing validation scripts and learning how to interact with Elastic through its API. Wrapping everything up, we’ll host all our detections on GitHub and sync them to Elastic through our own GitHub Actions automations. As a cherry on top, we’ll have a final section on writing scripts to gather important metrics and build visualizations.
Syllabus
- Introduction
- Theory
- Lab Setup
- Elastic Setup
- Attack Scenario 1
- Attack Scenario 2
- Attack Scenario 3
- Atomic Red Team
- TOML
- Elastic API
- GitHub
- Metrics
- Conclusion