New cybersecurity threats appear every day, as adversaries are always evolving and finding new ways to attack your network. This instructor-led course focuses on advanced threat hunting scenarios using the Elastic Endpoint Security platform. You will learn about various types of hunts — including data-driven, technique-driven and intel-driven hunting. You will then learn how to perform these hunt types by exploring built-in investigations and analytics as well as Event Query Language (EQL) capabilities. After completing this course, you'll be able to employ these proactive methods to identify advanced threats more quickly and respond to them easily.
- Introduction to threat hunting on an endpoint platform
- Hunt types
- Data-driven hunting
- Introduction to Event Query Language (EQL)
- Advanced EQL use cases
Security analysts who are responsible for threat hunting on the Elastic Endpoint Security solution
Classroom - 2 days | 8 hours per day
Virtual - 4 days | 4 hours per day
This course is only offered privately. Please contact your sales representative or email us at email@example.com to schedule a training.
Complete the Elastic Endpoint Security course, or possess equivalent knowledge
- Mac, Linux, or Windows
- Stable internet connection (virtual classroom)
- Latest version of Chrome or Firefox (other browsers not supported)
- Disable any ad blockers and restart your browser before class