
Detection Engineering Masterclass: Part 2


Anthony Isherwood

5:29:26

41 View
  • 1. TOML Overview.mp4
    06:20
  • 2. Setting up a Development Environment.mp4
    04:01
  • 3. Reviewing Elastic Rule TOML.mp4
    04:33
  • 4. Working with the Elastic Detection Rules Repo.mp4
    07:58
  • 5. Validating TOML Syntax Using Taplo.mp4
    06:28
  • 6. Creating an Elastic TOML Template.mp4
    08:40
  • 7. Enforcing TOML Required Fields.mp4
    17:48
  • 8. Working with Multiple TOML Files.mp4
    10:41
  • 9. Creating a MITRE Object in Python.mp4
    28:07
  • 10. Validating MITRE Data in our TOML - Part 1.mp4
    14:39
  • 11. Validating MITRE Data in our TOML - Part 2.mp4
    14:39
  • 12. Converting and Validating our Detections.mp4
    06:59
  • 1. Introduction.mp4
    01:05
  • 2. Obtaining your API Key.mp4
    01:58
  • 3. Pushing a Sample Rule.mp4
    07:35
  • 4. Writing a TOML to JSON Script.mp4
    18:59
  • 5. GETing Our First Rule and Managing Rule IDs.mp4
    08:12
  • 6. Working our Custom Detections.mp4
    18:28
  • 7. Updating our Custom Detections.mp4
    04:18
  • 1. Overview.mp4
    07:46
  • 2. GitHub Actions Introduction.mp4
    05:24
  • 3. Uploading our Detections and Code.mp4
    06:14
  • 4. Creating our TOML Validation Action.mp4
    11:36
  • 5. Enforcing Validation Checks.mp4
    06:28
  • 6. Syncing with Elastic - Part 1.mp4
    07:45
  • 7. Syncing with Elastic - Part 2.mp4
    19:03
  • 1. Overview.mp4
    02:02
  • 2. Converting our TOML to CSV.mp4
    16:47
  • 3. Converting our TOML to MD.mp4
    16:53
  • 4. Converting our TOML to ATT&CK Navigator JSON.mp4
    14:35
  • 5. Creating our Metrics GitHub Action.mp4
    17:11
  • 6. Creating Status Badges.mp4
    02:14
  • 1. Conclusion.mp4
    04:00


    Detection Engineering Zero to Hero

    What You'll Learn?


    • Understand how to write detection documentation
    • Ability to automate document validation
    • Learn GitHub actions to validate documents automatically
    • Write Python scripts to sync up the detection library with the SIEM
    • Write Python scripts to create metrics

    Who is this for?


  • security analysts
  • incident responders
  • detection engineers
  • cyber security college students
    What You Need to Know?


  • Completion of "Detection Engineering Masterclass: Part 1"
  • Basic understanding of Python


    Description

    Welcome to the Detection Engineering Masterclass: Part 2!


    Don't Purchase if you haven't gone through Part 1!


    Two Part Course Overview

    This course will first teach the theory behind security operations and detection engineering. We'll then start building out our home lab using VirtualBox and Elastic's security offering. Then we'll run through three different attack scenarios, each more complex than the one prior. We'll make detections off of our attacks, and learn how to document our detections. Next we'll dive more into coding and Python by writing validation scripts and learning how to interact with Elastic through their API. Wrapping everything up, we'll host all our detections on GitHub and sync with Elastic through our own GitHub Action automations. As a cherry on top, we'll have a final section on how to write scripts to gather important metrics and visualizations.


    This course takes students from A-Z on the detection engineering lifecycle and technical implementation of a detection engineering architecture.


    While this course is marketed as entry level, any prerequisite knowledge will help with the course's learning curve. Familiarity with security operations, searching logs, security analysis, or any related skillset will be helpful (but ultimately not required).


    Part Two Overview

    This is part two of a two part series on Detection Engineering! This course is meant to kickstart anyone interested in security analysis, detection engineering, and security architecture.


    The first part is the meat of the course, where we will go over:

    1. Detection Engineering Theory

    2. Setting Up our Lab

    3. Working with Logging and our SIEM

    4. Running Attack Scenarios to generate logs and create alerts

    5. Learn how to use Atomic Red Team for testing


    The second part deals with detection as code philosophies, which will be very Python and GitHub heavy (but don't worry! I'll walk you through everything step by step.)


    By the end of this two part course, you'll have a full stack detection engineering architecture. You'll be able to:

    1. Run offensive tests

    2. Review the logs

    3. Make alerts

    4. Save alerts using a standardized template

    5. Enforce template data through code

    6. Programmatically push the alerts to the SIEM

    7. Run periodic metrics off the detection data


    The entire course runs roughly 11 hours in length, but should take ~20-40 hours to complete fully. All code written will be available on the course GitHub in case you'd like to skip the Python-heavy sections.


    Requirements

    The ability to run 2-3 VMs on a local machine:

    • Ubuntu Linux

    • ParrotOS

    • Windows 11


    Minimum Requirements

    CPU Cores: 4

    RAM: 8 GB

    Hard Drive Space: 50 GB


    Recommended Requirements

    CPU Cores: 6+

    RAM: 16 GB+

    Hard Drive Space: 50 GB+


    You can technically get by with the main host having only a couple cores and 8 gigs of RAM, but any additional resources that can be assigned to your VMs will make the process smoother.


    Thanks for stopping by!

    Anthony Isherwood
    My name is Anthony Isherwood. I am a seasoned security professional with past roles in incident response, vulnerability management, SIEM engineering, security architecture, SOC coaching, and consulting. I currently enjoy working as Lead Detection Engineer for a large media company, focusing on detection creation, automation, and adversary emulation. I have taken red team courses and certs such as TCM's own Practical Ethical Hacking course, VirtualHackingLabs, and obtained the OSCP. In addition, I also obtained the GIAC Reverse Engineering Malware (GREM) certification and have a couple of lapsed CompTIA certs such as the Security+ and CySA+. I truly love this field! My goal is to enable others to accelerate their growth and enjoy the field as much as I do. Outside of my professional work, I enjoy lifting in my home gym or playing some games to unwind at night. I have a beautiful family, a wife and son, who always drive me to be the best version of myself I can be. A special shoutout to my wife, who shouldered extra responsibility as I was developing and creating this course!
    • language english
    • Training sessions 33
    • duration 5:29:26
    • Release Date 2023/09/10