Elastic Security Training

We train you!
  • Technical basics for the successful use of the Elastic SIEM solution in your company
  • Numerous practical exercises, including connecting log sources, creating rules and analyzing alerts
  • Application of the skills acquired in a realistic business scenario
  • Best practices and experience from 10+ years of SIEM consulting and 24/7 SOC operation
Knowledge: teaching the Elastic basics needed for a successful SIEM deployment
Understanding: consolidating the theory through a variety of practice-oriented exercises
Application: using the skills learned in a realistic scenario

Why Elastic Security Training from SECUINFRA?

Security expertise

Since our founding in 2010, we have focused on SIEM. Benefit from the knowledge we have gained in more than 300 consulting projects!

Elastic Expertise

Thanks to many years of Elastic experience across numerous projects, 20+ Elastic certifications and 30+ Elastic accreditations, we are an Elastic Premier Partner.

Always up to date

Because we run the Elastic SIEM solution in our own 24/7 SOC operations, we can always keep you informed about the latest developments.

Optimal support

The training is conducted by a certified Elastic expert who can also address individual questions during all practical exercises in order to maximize learning progress and consolidate the skills learned.

Training concept - is our training suitable for you?

To give you a first impression, we would like to briefly introduce our training concept.

In the following section, we go into more detail about the training content.

What does this course offer?

  • A quick introduction to practical work with Elastic Security
  • Deep understanding of the Elastic Stack
  • Focus on the typical tasks of a SIEM engineer / analyst (connecting log sources, use case development, alert analysis, etc.)
  • Practical implementation of the learning content through many exercises
  • Best practices and experience from 10+ years of SIEM consulting and 24/7 SOC operation
  • Application of the acquired knowledge in a realistic scenario
  • Support from an Elastic security expert

What does the course not offer?

  • Installation of the Elastic Stack
  • Theoretical treatment of machine learning (ML) / generative AI
  • Coverage of every individual Elastic feature
  • Teaching the basics of IT security

Thank you again for always presenting the content in an understandable way and for the excellent time management.

Feedback from a KRITIS operator that now runs its SIEM in-house.

Agenda and training content

Below you will find our recommendation for a 4-day training course that will provide you with the necessary Elastic basics for the successful deployment of your SIEM.

Day 1: Elasticsearch overview and Kibana basics

Agenda

  • Introduction to the Elastic Stack
  • Demonstration of a typical SIEM architecture
  • Teaching the basic Kibana functions with a focus on searching logs and creating visualizations
  • A strategy for successfully using the new ES|QL query language

Learning objectives of the first day

  • Understanding the Elastic ecosystem
  • Navigating the Kibana interface
  • Efficient data browsing
  • Create versatile dashboards

On the first day, we start with an introduction to the Elastic ecosystem, a look at a typical SIEM architecture and the basics of navigating the Kibana interface. We then focus on searching logs (filters, KQL, Lucene, ES|QL), with particular emphasis on the new ES|QL query language, and learn a strategy for answering complex questions step by step with ES|QL. To conclude the first day, we look at creating visualizations, since these, together with searching data, are the foundations for using the Elastic Stack successfully.

Day 2: Connecting log sources, data processing and rule creation

Agenda

  • Connecting and parsing log sources
    • Fleet Policy
    • Elastic Agent
    • Logstash
  • Data processing in the SIEM
    • Indexing and mapping
    • Ingest Pipelines
    • Index Lifecycle Management
    • Snapshots
  • Introduction to Elastic Security
  • Creation of rules in Elastic Security

Learning objectives of the second day

  • Connecting new log sources by creating Fleet policies
  • Preparing arbitrary data for optimal use in the SIEM context
  • Control of the event volume
  • Backup and long-term archiving of data
  • Overview of the options offered by Elastic Security
  • Knowledge of the different rule types and their areas of application

On the second day, we take a deep dive into the Elastic Stack. First, we follow the path of the logs from the endpoint via Logstash to the SIEM and examine each station for possible parsing, tuning and enrichment methods. Then we take a close look at the data processing inside the SIEM, focusing in particular on how the various components (index mappings, ingest pipelines, index lifecycle management and snapshots) interact. We go through all the necessary steps using a log source connection example and apply the knowledge directly in practice. After a short introduction to Elastic Security, we turn to the various detection rule types, focusing on the "Custom query", "Threshold", "ES|QL" and "Event correlation" rules.
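To make the difference between the rule types named above concrete, here is an added Python illustration (not part of the course material and not Elastic's code) that reimplements the semantics of a custom query rule, a threshold rule and an event correlation rule over a constructed sample of ECS-style Windows logon events. The events, field names, window size and counts are assumptions. The per-source count in the threshold function is the same aggregation an ES|QL `STATS ... BY` step expresses.

```python
"""Toy reimplementation of three Elastic Security rule types over a constructed
sample of ECS-style Windows logon events: "Custom query", "Threshold" and
"Event correlation" (an EQL-style sequence). Added illustration, not course
material and not Elastic's code; events, field names, windows and counts are
assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a flattened ECS layout (assumption).
# Windows Security event IDs: 4625 = failed logon, 4624 = successful logon.
EVENTS = [
    {"@timestamp": "2024-05-01T10:00:00Z", "event.code": "4625", "source.ip": "10.0.0.5", "user.name": "alice"},
    {"@timestamp": "2024-05-01T10:00:10Z", "event.code": "4625", "source.ip": "10.0.0.5", "user.name": "alice"},
    {"@timestamp": "2024-05-01T10:00:20Z", "event.code": "4625", "source.ip": "10.0.0.5", "user.name": "alice"},
    {"@timestamp": "2024-05-01T10:00:30Z", "event.code": "4624", "source.ip": "10.0.0.5", "user.name": "alice"},
    {"@timestamp": "2024-05-01T10:05:00Z", "event.code": "4625", "source.ip": "10.0.0.9", "user.name": "bob"},
    {"@timestamp": "2024-05-01T10:06:00Z", "event.code": "4624", "source.ip": "10.0.0.9", "user.name": "bob"},
    {"@timestamp": "2024-05-01T12:00:00Z", "event.code": "4625", "source.ip": "10.0.0.5", "user.name": "alice"},
]


def ts(event):
    """Parse the ISO-8601 @timestamp into an aware datetime."""
    return datetime.fromisoformat(event["@timestamp"].replace("Z", "+00:00"))


def failed_logon(event):
    return event["event.code"] == "4625"


def successful_logon(event):
    return event["event.code"] == "4624"


def custom_query(events, predicate):
    """Custom query rule: every matching event becomes its own alert."""
    return [e for e in events if predicate(e)]


def threshold(events, predicate, group_field, min_count, window):
    """Threshold rule: one alert per group_field value whose matching events
    reach min_count inside a sliding time window."""
    buckets = defaultdict(list)
    for e in sorted(events, key=ts):
        if predicate(e):
            buckets[e[group_field]].append(ts(e))
    alerts = []
    for key, times in buckets.items():
        start = 0
        for i, t in enumerate(times):
            while t - times[start] > window:    # drop events older than the window
                start += 1
            if i - start + 1 >= min_count:
                alerts.append({group_field: key, "count": i - start + 1})
                break                            # alert once per group
    return alerts


def sequence(events, steps, by_field, max_span):
    """Event correlation rule, modelled on an EQL 'sequence by <field> with
    maxspan': the steps must occur in order, share the by_field value and
    complete within max_span of the first step."""
    partial = {}    # by_field value -> events matched so far
    alerts = []
    for e in sorted(events, key=ts):
        key = e[by_field]
        chain = partial.get(key, [])
        if chain and ts(e) - ts(chain[0]) > max_span:
            chain = []                           # maxspan exceeded: discard partial match
        if steps[len(chain)](e):
            chain.append(e)
            if len(chain) == len(steps):
                alerts.append({by_field: key, "events": chain})
                chain = []
        elif steps[0](e):
            chain = [e]                          # restart the sequence at this event
        partial[key] = chain
    return alerts


def run_rules(events=EVENTS):
    """Run all three rule types over the sample and summarise the alerts."""
    thresh = threshold(events, failed_logon, "source.ip", 3, timedelta(minutes=5))
    seq = sequence(events, [failed_logon, failed_logon, failed_logon, successful_logon],
                   "source.ip", timedelta(minutes=5))
    return {
        "custom_query": len(custom_query(events, successful_logon)),
        "threshold": thresh,
        "sequence": [a["source.ip"] for a in seq],
    }


if __name__ == "__main__":
    print(run_rules())
```

On the sample, the custom query rule fires on both successful logons (no context), the threshold rule fires once for 10.0.0.5 after three failures within five minutes, and the sequence rule fires only for 10.0.0.5, where the failures are followed by a success from the same source; bob's single failure and later success and alice's isolated failure two hours later match neither.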

Day 3: Elastic EDR, alert analysis and use case development

Agenda

  • Elastic EDR
  • Alert analysis
  • Complementary topics
    • Stack monitoring
    • Licensing
  • Use case development
    • SIEM basics
    • MITRE ATT&CK
    • Log sources

Learning objectives of the third day

  • Successful use of the Elastic EDR
  • Use of different analysis strategies for alert analysis
  • Monitoring the Elastic stack
  • Knowledge of the differences between the Elastic licenses
  • Selection of use cases based on MITRE ATT&CK
  • Overview of various log sources

On the third day, we conclude the Elastic Security part with Elastic EDR and alert analysis in the SIEM. For the latter, we look at various analysis strategies and evaluate their strengths and weaknesses. We then turn to monitoring the Elastic Stack, including the execution of the detection rules, to ensure successful operation. The Elastic-specific topics conclude with a brief look at the license models and the features associated with them. In the second half of the day, we focus on the basics of use case development. After a brief introduction to SIEM and use cases, we concentrate on the MITRE ATT&CK framework, which has become the de facto standard for use case selection. This is followed by a brief overview of the various log sources that can be used to develop use cases; the focus is on operating system logs because of their high log quality.

Day 4: Realistic scenario

Agenda

  • Scenario introduction
  • Use case development
  • Attack simulation
  • Analysis of the attack
  • Q&A

Learning objectives of the fourth day

  • Development of use cases in the corporate context
  • Analysis and reconstruction of a multi-stage attack
  • Consolidation and application of the acquired knowledge in practice

At the end of the training, on the fourth day, all participants have the opportunity to put the skills they have learned into practice in a realistic scenario. A company is presented for which the participants develop various use cases. This is followed by an attack simulation whose exact course the participants reconstruct using the alerts from the use cases they created and the data in the SIEM in general. After a detailed discussion of the scenario, we conclude the last day with a Q&A session with time for questions on all topics.

For exclusive training courses, the training content can be individually tailored to your needs. This means that the topics already mentioned can be combined as you like and the following areas can also be integrated:

  • Advanced dashboards: Maps and TSVB visualizations
  • EDR in detail: A deeper look at the Elastic EDR solution (Elastic Defend)
  • Osquery: Introduction and use of osquery with application in alert triage
  • Threat Hunting: Proactively detecting threats in the SIEM

Dates & costs

Next possible training dates:

  • by arrangement (for exclusive training requests)

Costs for training participation:

  • €1,900 per participant (4-day training course)

Quantity discount possible, see FAQ

The most important FAQ - Elastic Security Training

German and English are possible languages of instruction. The materials (slides, exercises) are in English.

The slides and exercises are in English, as the Elastic documentation is also in English and more questions can be answered with English search terms.

In exclusive training courses, the topics listed above can be combined as you wish, and further topics can be added; we would also be happy to discuss the extent to which we can accommodate other requests. We can arrange the dates individually, and the training can also be split into several short sessions so as not to interfere with the participants' day-to-day business. Talk to us about it!

At the end of the course, all participants will receive a certificate of attendance confirming that they have successfully completed the course.

A maximum of 10 people can take part in each training session. The small group size ensures that each participant can be treated individually.

With a minimum of five participants, the training can also be held exclusively for your company. We will be happy to find a suitable date with you; as described above, the content can then be combined as needed and the training split into several short sessions. Talk to us!

The training takes place remotely so that every participant can take part from the comfort of their own workplace.

A computer with a sufficiently fast internet connection is required. All exercises take place in the browser, and the training itself is delivered via Microsoft Teams. We recommend the Firefox or Chrome browser for the exercises and, if possible, the locally installed Teams client (alternatively, web participation via the Chrome or Microsoft Edge browser is possible).

Participation in the training course costs €1,900 per person.

If you register more than 3 people (for the same training date), we can grant you a quantity discount depending on the number of people registered.


Get in contact with us!
