Threat Hunting with Corelight


Course Summary

The Threat Hunting with Corelight course is presented by Perched, an Elastic company. In this instructor-led course, you will learn how to use Corelight with the Elastic Stack for network security monitoring. The coursework culminates with a two-day capstone event in which you will perform a series of increasingly difficult hunting operations using the Corelight data. This capstone is instructor assisted to ensure that no one is left behind. By the end of the training, you will be able to use Corelight via Zeek (formerly Bro) data and the Elastic Stack to analyze your network traffic, sniff out threats, and respond appropriately.

Topics Covered

  • Passive operations and tapping
  • Introduction to Zeek
  • Zeek performance tuning
  • Advanced Zeek
  • Introduction to the Elastic Stack
  • Data ingestion
  • Visualizations and dashboards
  • Assisted hunt

Course Details


Security analysts who are researching, building, or leveraging Corelight as a part of their security monitoring program.


5 days | 8 hours per day

Upcoming Classes

This course is only offered privately. Please contact your sales representative or email us at to schedule a training.


Familiarity with Linux, networking, and network security concepts.


  • An OpenSSH-compatible secure-shell client
  • Mac, Linux, or Windows
  • Stable internet connection (virtual classroom)
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad-blockers and restart your browser before class