This course is designed for security analysts interested in using Kibana to hunt for threats to their data and systems. You will start with an introduction to threat hunting, including how it differs from other security analysis processes, and then move on to an introduction to the Elastic Stack and the powerful set of tools it offers. You will then learn essential Kibana features for analyzing security data, followed by an in-depth look at our network and host data sources, including ways to enrich them. You will then learn about threat hunting philosophy, workflow, models and techniques, and how threat hunting can improve the effectiveness of a security operations center. All of this is followed by a guided hunt exercise to put your new skills to the test.
- Introduction to threat hunting and the Elastic Stack
- Network data
- Host data
- Data enrichment
- Threat hunting
- Guided Hunt
Classroom - 2 days | 8 hours per day
Virtual - 4 days | 4 hours per day
- No prior knowledge of the Elastic Stack required.
- Familiarity with basic networking and network security, as well as logging and incident response concepts.
- Mac, Linux, or Windows
- Stable internet connection (virtual classroom)
- Latest version of Chrome or Firefox (other browsers not supported)
- Disable any ad-blockers and restart your browser before class