Elastic Endpoint Security Advanced Threat Hunting


Course Summary

New cybersecurity threats appear every day, as adversaries are always evolving and finding new ways to attack your network. This instructor-led course focuses on advanced threat hunting scenarios using the Elastic Endpoint Security platform. You will learn about various types of hunts — including data-driven, technique-driven and intel-driven hunting. You will then learn how to perform these hunt types by exploring built-in investigations and analytics as well as Event Query Language (EQL) capabilities. After completing this course, you'll be able to employ these proactive methods to identify advanced threats more quickly and respond to them easily.

Topics Covered

  • Introduction to threat hunting on an endpoint platform
  • Hunt types
  • Data-driven hunting
  • Introduction to Event Query Language (EQL)
  • Advanced EQL use cases

Course Details


Security analysts who are responsible for threat hunting on the Elastic Endpoint Security solution


Classroom - 2 days | 8 hours per day
Virtual - 4 days | 4 hours per day

Upcoming Classes

This course is only offered privately. Please contact your sales representative or email us at sales@elastic.co to schedule a training.


Complete the Elastic Endpoint Security course, or possess equivalent knowledge


  • Mac, Linux, or Windows
  • Stable internet connection (virtual classroom)
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad blockers and restart your browser before class