دوره TCM Security – Detection Engineering for Beginners

Detection Engineering for Beginners teaches core concepts and skills to start thinking and working as a Detection Engineer!

This course will first teach the theory behind security operations and detection engineering. We’ll then start building out our home lab using VirtualBox and Elastic’s security offering. Then we’ll run through three different attack scenarios, each more complex than the one prior. We’ll make detections off of our attacks, and learn how to document our detections. Next we’ll dive more into coding and Python by writing validation scripts and learning out to interact with Elastic through their API. Wrapping everything up, we’ll host all our detections on GitHub and sync with Elastic through our own GitHub Action automations. As a cherry on top, we’ll have a final section on how to write scripts to gather important metrics and visualizations.

Syllabus

1. Introduction
2. Theory
3. Lab Setup
4. Elastic Setup
5. Attack Scenario 1
6. Attack Scenario 2
7. Attack Scenario 3
8. Atomic Red Team
9. TOML
10. Elastic API
11. GitHub
12. Metrics
13. Conclusion

TCM Security – Detection Engineering for Beginners