Since our foundation in 2010, we have focused on SIEM. Benefit from our knowledge from more than 300 consulting projects!
Thanks to our many years of experience with Elastic across a wide range of projects, 20+ Elastic certifications and 30+ Elastic accreditations, we are one of the "Elastic Premier" partners.
By using the Elastic SIEM solution in our 24/7 operations, we are always informed about the latest developments and are happy to pass them on to you.
The training is conducted by a certified Elastic expert who can also address individual questions during all practical exercises in order to maximize learning progress and consolidate the skills learned.
To give you a first impression, we would like to briefly introduce our training concept.
In the following section, we go into more detail about the training content.
Are you just starting out and looking for a course that offers a quick introduction to Elastic Security?
Then our Elastic Security training is just right for you.
Thank you again for always presenting the content in an understandable way and for the excellent time management.
Feedback from a KRITIS operator that now operates its SIEM itself.
Below you will find our recommendation for a 4-day training course that will provide you with the necessary Elastic basics for a successful deployment of your SIEM.
On the first day, we start with a brief recap of the most important aspects of the Elastic ecosystem, including a look at a typical SIEM architecture and the different types of log ingestion. We then focus on searching logs (filters, KQL, Lucene, EQL, ESQL), with particular emphasis on the new ESQL query language, and work through a strategy for breaking complex questions down into step-by-step ESQL queries. At the end of the first day, we look in detail at the visualization options so that you can build dashboards that present findings as clearly and intuitively as possible.
On the second day, we dive deep into the Elastic Stack and take an in-depth look at the data processing pipeline of a SIEM, focusing in particular on how the various components interact. We walk through all the necessary steps using a log-onboarding example and apply the knowledge directly in practice. We then turn to monitoring the Elastic Stack itself, including the process of defining monitoring rules, to ensure reliable operation. After a brief overview of the licensing models and the features tied to them, we start with Elastic Security: the creation of various detection rules, possible analysis strategies, and their respective strengths and weaknesses.
On the third day, we conclude the Elastic Security part with the topics EDR, Threat Hunting (incl. Osquery) and the Machine Learning modules in Elastic. In the EDR module, we take an in-depth look at the various telemetry data, how the Elastic EDR works and how it is applied in practice. The Threat Hunting module then focuses on the proactive detection of malware and illustrates this with practical examples. In the Machine Learning module, after a brief introduction to the field, we demonstrate various options for extending the detection capability of the Elastic SIEM. The second half of the day is devoted to the basics of use case development. After a brief introduction to SIEM and use cases, we focus on the MITRE ATT&CK framework, which has become the de facto standard for use case selection. This is followed by a brief overview of various log sources that can be used to develop use cases, with the focus on operating system logs because of their high log quality.
At the end of the training, on the fourth day, all participants have the opportunity to put the skills they have learned into practice in a realistic scenario. A fictitious company is presented for which the participants develop various use cases. This is followed by an attack simulation whose exact course the participants must reconstruct from the alerts of the use cases they created and from the data in the SIEM in general. After a detailed discussion of the scenario, we conclude the last day of the training with a Q&A session with time for questions on all of the topics covered.
For exclusive training courses, the training content can be individually tailored to your needs.
Next possible training dates:
Costs for training participation:
Quantity discount possible, see FAQ
German and English are possible languages of instruction. The materials (slides, exercises) are in English.
The slides and exercises are in English because the Elastic documentation is also in English, and more questions can be answered by searching with English terms.
For exclusive training courses, we will be happy to discuss with you to what extent we can take other wishes into account. Get in touch with us!
At the end of the course, all participants will receive a certificate of attendance confirming that they have successfully completed the course.
A maximum of 10 people can take part in each training session. The small group size ensures that each participant can be treated individually.
With a minimum of five participants, the training courses can also be held exclusively for your company. We will be happy to find a suitable date with you. The training can also be split into several short sessions so as not to interfere with the participants’ day-to-day business. Get in touch with us!
The training takes place remotely so that every participant can take part from the comfort of their own workplace.
A computer with a sufficiently fast internet connection is required to participate in the training. All exercises take place in the browser, and the training itself is delivered via Microsoft Teams. We recommend Firefox or Chrome for the exercises and, if possible, the locally installed Teams client (alternatively, web participation via the Chrome or Microsoft Edge browser is possible).
Participation in the training course costs €1,900 per person.
If you register more than 3 people (for the same training date), we can grant you a quantity discount depending on the number of people registered.
The Elastic Security Training is aimed at people who want to get to know the Elastic Stack from the ground up and is also suitable for beginners. The Advanced Elastic Security Training only briefly repeats the basics (e.g. the various search languages) and focuses on more advanced topics (e.g. ML, threat hunting).