Network Security Monitoring Engineer


Course Summary

This instructor-led course is focused around the deployment of the Elastic Stack in a security context, including how to implement the different parts of the Elastic Stack (Elasticsearch, Kibana, Beats, and Logstash) and how to tune performance. You will start with an overview of the Elastic Stack and its core components, and from there, build network security monitoring (NSM) sensors in a variety of configurations. By the end of the training, you will be able to build the Elastic Stack from the ground up to analyze the data sources from your network and various systems in order to paint a more complete security picture.

Topics Covered

  • Ansible
  • Zeek install, operate, and maintain
  • Zeek performance tuning
  • Kafka install, operate, and maintain
  • Passive operations and tapping
  • CAPES install, operate, and maintain
  • Elastic Stack install, operate, and maintain
  • Suricata rule management and tuning
  • Sensor troubleshooting
  • Engineer capstone event

Course Details


Security engineers who are responsible for installing, operating, and maintaining the Elastic Stack and network security monitoring platforms


10 Days | 8 hours per day

Upcoming Classes

This course is only offered privately. Please contact your sales representative or email us at to schedule a training.


There are no prerequisites for this course.


  • An OpenSSH-compatible secure-shell client
  • Mac, Linux, or Windows
  • Stable internet connection (virtual classroom)
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad-blockers and restart your browser before class