Elastic Alerting for Cybersecurity


Course Summary

The best security systems need to cast a wide net, and then know what’s a valid threat and what’s background noise. And they need to do all that without oversight, allowing administrators to focus their time on the valid threats. In this course, you will learn how to use Elastic Stack alerting functionality to hunt down threats based on custom queries and thresholds, and automatically notify users when there’s a problem. You will explore useful cybersecurity alerts that you can set up in order to enhance your security monitoring capabilities. You will also learn about how to create alerts based on Elastic machine learning anomaly detection. After completing this course, you will be able to use the Elastic Stack to hunt threats more effectively and efficiently.

Topics Covered

  • Introduction to Cybersecurity
  • Introduction to Elastic Stack Alerting
  • Configuring Cybersecurity Alerts
  • Incorporating Machine Learning into Alerting

Course Details

This course is a module of the Security Analytics specialization. Find out how our focused Training Specializations can help you with your use case.


Security Analysts, SOC Managers, Security Practitioners, Information Security Consultants, System Administrators


2-3 hours


  • We recommend taking the following foundational courses (or having equivalent knowledge):
  • Familiarity with security log data
  • Basic networking knowledge
  • Basic experience with Elastic machine learning


  • Stable internet connection
  • Mac, Linux, or Windows
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad blockers and restart your browser before class