Since our foundation in 2010, we have focused on SIEM. Benefit from our knowledge from more than 300 consulting projects!
Due to our many years of experience with Elastic in various projects, 20+ Elastic certifications and 30+ Elastic accreditations, we are one of the Elastic Premier Partners.
The use of the Elastic SIEM solution in our 24/7 operations ensures that we can always keep you informed of the latest developments.
The training is conducted by a certified Elastic expert who can also address individual questions during all practical exercises in order to maximize learning progress and consolidate the skills learned.
To give you a first impression, we would like to briefly introduce our training concept.
In the following section, we go into more detail about the training content.
Thank you again for always presenting the content in an understandable way and for the excellent time management.
Feedback from a KRITIS operator that now operates its SIEM itself.
Below you will find our recommendation for a 4-day training course that will provide you with the necessary Elastic basics for the successful deployment of your SIEM.
On the first day, we start with an introduction to the Elastic ecosystem, a look at a typical SIEM architecture and the basics of navigating the Kibana interface. After that, we will focus on searching logs (filters, KQL, Lucene, ESQL), with a particular emphasis on the new ESQL search language. Here, we will learn a strategy for solving complex issues step by step with ESQL. To conclude the first day, we will look at creating visualizations, since these, together with searching data, are the foundations for successfully using the Elastic Stack.
On the second day, we will take a deep dive into the Elastic stack. First, we will look at the path of the logs, from the endpoint via Logstash to the SIEM, and examine each of the stations for possible parsing / tuning and enrichment methods. Then we will take a close look at the complex data processing in the SIEM and focus in particular on the interaction of the various components. On the second day, we will go through all the necessary steps using a logon binding example and apply the knowledge directly in practice. After a short introduction to Elastic Security, we will then turn to the various security rules, focusing on the “Custom query”, “Threshold”, “ESQL” and “Event Correlation” rules.
On the third day, we will conclude the Elastic Security part with the topics Elastic EDR and alert analysis in SIEM. In the latter, we deal in particular with various analysis strategies and evaluate their strengths and weaknesses. We then turn to the monitoring of the Elastic Stack incl. the rulemaking process to ensure successful operation. The Elastic-specific topics conclude with a brief insight into the license models and the associated features. In the second half of the day, we will focus on the basics of use case development. After a brief introduction to SIEM and use cases, we will focus on the MITRE ATT&CK framework, which has become the de facto standard for use case selection. This is followed by a brief insight into various log sources that can be used to develop use cases. The focus here is on operating system logs due to the high log quality.
At the end of the training, on the fourth day, all participants are given the opportunity to put the skills they have learned into practice in a realistic scenario. A company will be presented for which the participants will develop various use cases. This is followed by an attack simulation, the exact process of which the participants are to reconstruct using the alerts of their created use cases and the data in the SIEM in general. After a detailed discussion of the scenario, we conclude the last day of the training with a Q&A session in which there is time for questions on the various topics.
For exclusive training courses, the training content can be individually tailored to your needs. This means that the topics already mentioned can be combined as you like and the following areas can also be integrated:
Next possible training dates:
Costs for training participation:
Quantity discount possible, see FAQ
German and English are possible languages of instruction. The materials (slides, exercises) are in English.
The slides and exercises are in English, as the Elastic documentation is also in English and more questions can be answered with English search terms.
The above topics can be combined as you wish in exclusive training sessions. We would also be happy to discuss with you the extent to which we can take further requests into account.
In exclusive training courses, the above-mentioned topics can be combined as desired, including further topics. We can also arrange the dates individually. The training can also be divided into several short sessions so as not to interfere with the participants’ day-to-day business. Talk to us about it!
At the end of the course, all participants will receive a certificate of attendance confirming that they have successfully completed the course.
A maximum of 10 people can take part in each training session. The small group size ensures that each participant can be treated individually.
With a minimum of five participants, the training courses can also be held exclusively for your company. We will be happy to find a suitable date with you. The training can also be divided into several short sessions so as not to interfere with the daily business of the participants. In addition, the above-mentioned topics can be combined as needed. Talk to us!
The training takes place remotely so that every participant can take part from the comfort of their own workplace.
A computer with a sufficiently fast internet connection is required to participate in the training. All exercises take place in the browser and the training itself is carried out in teams. The use of the Firefox or Chrome browser and, if possible, the installation of the local Teams client (alternatively, web participation via Chrome or Microsoft Edge browser is possible) is recommended.
Participation in the training course costs €1,900 per person.
If you register more than 3 people (for the same training date), we can grant you a quantity discount depending on the number of people registered.
Contact form Elastic Security Training at the bottom of the page
"*" indicates required fields
©2025 SECUINFRA GmbH. All rights reserved.