Since our foundation in 2010, we have focused on SIEM. Benefit from our knowledge from more than 250 consulting projects!
Due to our many years of experience with Elastic in various projects, 20+ Elastic certifications and 30+ Elastic accreditations, we are one of the Elastic Elite Partners.
The use of the Elastic SIEM solution in our 24/7 operations ensures that we can always keep you informed of the latest developments.
The training is conducted by a certified Elastic expert who can also address individual questions during all practical exercises in order to maximize learning progress and consolidate the skills learned.
To give you a first impression, we would like to briefly introduce our training concept.
In the following section, we go into more detail about the training content.
Thank you again for always presenting the content in an understandable way and for the excellent time management.
Feedback from a KRITIS operator that now operates its SIEM itself.
We teach you the necessary Elastic basics for a successful deployment of your SIEM.
On the first day, we start with an introduction to the Elastic ecosystem, a look at a typical SIEM architecture and basic navigation on the Kibana interface. We will then focus on searching logs (KQL, Lucene, ESQL) and creating visualizations, as these form the basis for successful use of the Elastic Stack. At the end of the first day, we will provide a brief insight into the functions of the Elastic Security solution.
On the second day, we dive deep into the Elastic stack. First, we look at the path of the logs, from the endpoint via Logstash to the SIEM and examine each of the stations for possible parsing / tuning and enrichment methods. We then take an in-depth look at the complex data processing in SIEM and focus in particular on the interaction between the various components. Throughout the second day, we will go through all the necessary steps using a log connection example and apply the knowledge directly in practice. We then turn to the various security rules, focusing on the “Custom query”, “Threshold” and “Event Correlation” rules.
On the third day, we will conclude the Elastic Security part with the topics Elastic EDR and alert analysis in SIEM. In the latter, we deal in particular with various analysis strategies and evaluate their strengths and weaknesses. We then turn to the monitoring of the Elastic Stack incl. the rulemaking process to ensure successful operation. The Elastic-specific topics conclude with a brief insight into the license models and the associated features. In the second half of the day, we will focus on the basics of use case development. After a brief introduction to SIEM and use cases, we will focus on the MITRE ATT&CK framework, which has become the de facto standard for use case selection. This is followed by a brief insight into various log sources that can be used to develop use cases. The focus here is on operating system logs due to the high log quality.
At the end of the training, on the fourth day, all participants are given the opportunity to put the skills they have learned into practice in a realistic scenario. A company will be presented for which the participants will develop various use cases. This is followed by an attack simulation, the exact process of which the participants are to reconstruct using the alerts of their created use cases and the data in the SIEM in general. After a detailed discussion of the scenario, we conclude the last day of the training with a Q&A session in which there is time for questions on the various topics.
Next possible training dates:
Costs for training participation:
Quantity discount possible, see FAQ
German and English are possible languages of instruction. The materials (slides, exercises) are in English.
The slides and exercises are in English, as the Elastic documentation is also in English and more questions can be answered with English search terms.
We would be happy to discuss with you the extent to which we can take your wishes into account for exclusive training courses.
At the end of the course, all participants will receive a certificate of attendance confirming that they have successfully completed the course.
A maximum of 10 people can take part in each training session. The small group size ensures that each participant can be treated individually.
With a minimum of five participants, the training courses can also be held exclusively for your company. We will be happy to find a suitable date with you. Talk to us.
The training takes place remotely so that every participant can take part from the comfort of their own workplace.
A computer with a sufficiently fast internet connection is required to participate in the training. All exercises take place in the browser and the training itself is carried out in teams. The use of the Firefox or Chrome browser and, if possible, the installation of the local Teams client (alternatively, web participation via Chrome or Microsoft Edge browser is possible) is recommended.
Participation in the training course costs €1,900 per person.
If you register more than 3 people (for the same training date), we can grant you a quantity discount depending on the number of people registered.
Contact form Elastic Security Training at the bottom of the page
"*" indicates required fields
©2024 SECUINFRA GmbH. All rights reserved.