Elastic Security Training

We train you!
  • Technical basics for the successful use of the Elastic SIEM solution in your company
  • Numerous practical exercises, including log source connection, rule creation, alert analysis
  • Application of the skills acquired in a realistic business scenario
  • Best practices and experience from 10+ years of SIEM consulting and 24/7 SOC operation
Teaching the basics of Elastic for successful SIEM deployment
Consolidation of theory through a variety of practice-oriented exercises
Use of the skills learned in a realistic scenario

Why Elastic Security Training from SECUINFRA!

Security expertise

Since our foundation in 2010, we have focused on SIEM. Benefit from our knowledge from more than 250 consulting projects!

Elastic Expertise

Due to our many years of experience with Elastic in various projects, 20+ Elastic certifications and 30+ Elastic accreditations, we are one of the Elastic Elite Partners.

Always up to date

The use of the Elastic SIEM solution in our 24/7 operations ensures that we can always keep you informed of the latest developments.

Optimal support

The training is conducted by a certified Elastic expert who can also address individual questions during all practical exercises in order to maximize learning progress and consolidate the skills learned.

Training concept - is our training suitable for you?

To give you a first impression, we would like to briefly introduce our training concept.

In the following section, we go into more detail about the training content.

What does this course offer?

  • A quick introduction to practical work with Elastic Security
  • Deep understanding of the Elastic Stack
  • Focus on the typical tasks of a SIEM engineer / analyst (log source connection, use case development, alert analysis, etc.)
  • Practical implementation of the learning content through many exercises
  • Best practices and experience from 10+ years of SIEM consulting and 24/7 SOC operation
  • Application of the acquired knowledge in a realistic scenario
  • Support from an Elastic security expert

What does the course not offer?

  • Topics related to the installation of the Elastic Stack
  • Theoretical consideration of machine learning (ML) / generative AI
  • Observation
    of each
    individual Elastic feature
  • Teaching the basics of IT security

Thank you again for always presenting the content in an understandable way and for the excellent time management.

Feedback from a KRITIS operator that now operates its SIEM itself.

Agenda and training content

We teach you the necessary Elastic basics for a successful deployment of your SIEM.

Day 1: Elasticsearch overview and Kibana basics


  • Introduction to the Elastic Stack
  • Demonstration of a typical SIEM architecture
  • Teaching the basic Kibana functions with a focus on searching logs and creating visualizations
  • First insights into Elastic Security

Learning objectives of the first day

  • Understanding the Elastic ecosystem
  • Navigating the Kibana interface
  • Efficient data browsing
  • Create versatile dashboards
  • Knowledge of the possibilities offered by Elastic Security

On the first day, we start with an introduction to the Elastic ecosystem, a look at a typical SIEM architecture and basic navigation on the Kibana interface. We will then focus on searching logs (KQL, Lucene, ESQL) and creating visualizations, as these form the basis for successful use of the Elastic Stack. At the end of the first day, we will provide a brief insight into the functions of the Elastic Security solution.


  • Linking and parsing logs
    • Fleet Policy
    • Elastic Agent
    • Logstash
  • Data processing in the SIEM
    • Indexing and mapping
    • Ingest Pipelines
    • Index Lifecycle Management
    • Snapshots
  • Creation of rules in Elastic Security

Learning objectives of the second day

  • Connecting new log sources by creating fleet policies
  • Preparation of any data for optimal use in the SIEM context
  • Control of the event volume
  • Backup and long-term archiving of data
  • Knowledge of the different rule types and their areas of application

On the second day, we dive deep into the Elastic stack. First, we look at the path of the logs, from the endpoint via Logstash to the SIEM and examine each of the stations for possible parsing / tuning and enrichment methods. We then take an in-depth look at the complex data processing in SIEM and focus in particular on the interaction between the various components. Throughout the second day, we will go through all the necessary steps using a log connection example and apply the knowledge directly in practice. We then turn to the various security rules, focusing on the “Custom query”, “Threshold” and “Event Correlation” rules.


  • Elastic EDR
  • Alert analysis
  • Complementary topics
    • Stack monitoring
    • Licensing
  • Use case development
    • SIEM basics
    • Log sources

Learning objectives of the third day

  • Successful use of the Elastic EDR
  • Use of different analysis strategies for alert analysis
  • Monitoring the Elastic stack
  • Knowledge of the differences between the Elastic licenses
  • Selection of use cases based on MITRE ATT&CK
  • Overview of various log sources

On the third day, we will conclude the Elastic Security part with the topics Elastic EDR and alert analysis in SIEM. In the latter, we deal in particular with various analysis strategies and evaluate their strengths and weaknesses. We then turn to the monitoring of the Elastic Stack incl. the rulemaking process to ensure successful operation. The Elastic-specific topics conclude with a brief insight into the license models and the associated features. In the second half of the day, we will focus on the basics of use case development. After a brief introduction to SIEM and use cases, we will focus on the MITRE ATT&CK framework, which has become the de facto standard for use case selection. This is followed by a brief insight into various log sources that can be used to develop use cases. The focus here is on operating system logs due to the high log quality.


  • Scenario introduction
  • Use case development
  • Attack simulation
  • Analysis of the attack
  • Q&A

Learning objectives of the fourth day

  • Development of use cases in the corporate context
  • Analysis and reconstruction of a multi-stage attack
  • Consolidation and application of the acquired knowledge in practice

At the end of the training, on the fourth day, all participants are given the opportunity to put the skills they have learned into practice in a realistic scenario. A company will be presented for which the participants will develop various use cases. This is followed by an attack simulation, the exact process of which the participants are to reconstruct using the alerts of their created use cases and the data in the SIEM in general. After a detailed discussion of the scenario, we conclude the last day of the training with a Q&A session in which there is time for questions on the various topics.

Dates & costs

Next possible training dates:

  • by arrangement (for exclusive training requests)

Costs for training participation:

  • 1,900 per participant (4-day training course)

Quantity discount possible, see FAQ

The most important FAQ - Elastic Security Training

German and English are possible languages of instruction. The materials (slides, exercises) are in English.

The slides and exercises are in English, as the Elastic documentation is also in English and more questions can be answered with English search terms.

We would be happy to discuss with you the extent to which we can take your wishes into account for exclusive training courses.

At the end of the course, all participants will receive a certificate of attendance confirming that they have successfully completed the course.

A maximum of 10 people can take part in each training session. The small group size ensures that each participant can be treated individually.

With a minimum of five participants, the training courses can also be held exclusively for your company. We will be happy to find a suitable date with you. Talk to us.

The training takes place remotely so that every participant can take part from the comfort of their own workplace.

A computer with a sufficiently fast internet connection is required to participate in the training. All exercises take place in the browser and the training itself is carried out in teams. The use of the Firefox browser and, if possible, the installation of the local Teams client (alternatively web participation possible) is recommended.

Participation in the training course costs €1,900 per person.

If you register more than 3 people (for the same training date), we can grant you a quantity discount depending on the number of people registered.

Our expertise

Get in contact with us!

Contact form Elastic Security Training

Contact form Elastic Security Training at the bottom of the page

"*" indicates required fields

Please enter a number from 1 to 10.
Desired date:
Cookie Consent with Real Cookie Banner