Network Security Monitoring Cyber Operator


Course Summary

The Network Security Monitoring Cyber Operator course is presented by Perched, an Elastic company. This instructor-led course is designed for operators that serve or are interested in serving as the “human-in-the-loop” to a suite of cybersecurity tools. While focused primarily on the best of breed open source security tools, the knowledge gained aims to be tool agnostic. You will learn to use the Elastic Stack along with security tools like Zeek (formerly Bro) and Suricata to perform full-spectrum threat detection and hunting. The course ends with a guided hunt capstone containing multiple scenarios — both as an individual hunter and as part of a team — that will engage the newly learned skills to find the adversary in the traffic.

Topics Covered

  • Introduction to packet analysis
  • Protocol analysis with Zeek
  • Intrusion detection systems (IDS)
  • Kibana for operators
  • Assisted hunt

Course Details


Cybersecurity operators who need to work as part of a team to analyze data to find bad actors lurking in their network as part of a machine-assisted, human-driven operation.


5 Days | 8 hours per day

Upcoming Classes

This course is only offered privately. Please contact your sales representative or email us at to schedule a training.


  • Familiarity with Linux, networking, and network security concepts
  • Foundational Zeek knowledge
  • Basic operational knowledge of Kibana


  • An OpenSSH-compatible secure-shell client
  • Mac, Linux, or Windows
  • Stable internet connection (virtual classroom)
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad blockers and restart your browser before class