Elastic Security Analytics


Course Summary

This instructor-led course is designed for analysts who currently use, or are interested in using, the Elastic Stack for security event collection and analytics. You will start with an overview of the Elastic Stack, exploring the various components and some of the use cases they can serve. The remainder of this course will take an in-depth look at several security-related data sources and how to gain value from them with the Elastic Stack. As you learn about these data sources, we will mix in instruction on the various components of Kibana, including basic discovery, visualizations and dashboards, and advanced components like Graph and machine learning. After completing each module, you will apply what you have learned in a series of hands-on labs. By the end of the training, you will be able to use the Elastic Stack to analyze the data sources from your network and various systems in order to paint a more complete security picture.

  • Introduction to the Elastic Stack
  • Threat Detection
  • Bro Basics
  • Suricata IDS
  • Windows Host Data
  • Linux Host Data
  • Enriching Host Data
  • Guided Hunt

Course Details

Security analysts who are researching, building, or leveraging search and analytics solutions using the Elastic Stack

3 Days | 8 hours per day

This course is only offered privately. Please contact your sales representative or email us at sales@elastic.co to schedule a training.

No prior knowledge of the Elastic Stack required

  • Stable internet connection
  • Mac, Linux, or Windows
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad-blockers and restart your browser before class