Understand various threat detection methodologies, rule syntax and tools, and learn how to apply them in a SOC environment.

In this module, we shall be looking at the concepts of detection engineering, including a usable lifecycle, rule writing and testing, orchestration and automation. We’ll dive deeper into how to write detection rules using Sigma and how Windows Event alerts can be triggered using an EDR called Aurora. Additionally, we shall cover the basic concepts of Security Orchestration, Automation and Response (SOAR) and look at how you can implement playbooks and workflows in different scenarios.

Intro to Detection Engineering

Introduce the concept of detection engineering and the frameworks used towards crafting effective threat detection strategies.

Tactical Detection

Establish a baseline knowledge of tactical detection, leveraging efficient techniques to bolster your security posture.

Threat Intelligence for SOC

Learn how to utilise Threat Intelligence to improve the Security Operations pipeline.

Sigma

Provide understanding to Sigma, a Generic Signature Format for SIEM Systems.

SigHunt

You are tasked to create detection rules based on a new threat intel.

Aurora EDR

Familiarise with the use of a Sigma-based EDR tool, Aurora.

Introduction to SOAR

Learn the concepts and methodology surrounding security orchestration, automation, and response.

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

Need to know

Cyber Threat Intelligence

Learn about identifying and using available security knowledge to mitigate and manage potential adversary actions.

Endpoint Security Monitoring

Monitoring activity on workstations is essential, as that’s where adversaries spend the most time trying to achieve their objectives.

Advanced ELK

Learn about the main components of the ELK stack by going through the installation and configuring process and linking them together to form an effective log analysis utility.

Next steps

Threat Hunting

Understand the fundamentals of threat hunting, and learn how to build your own methodology for effective hunting across your infrastructure.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.