Threat Hunting with Kibana - Virtual
This course is designed for security analysts interested in using Kibana to hunt threats to their data and systems. You will start with an introduction to threat hunting, including how it’s different from other security analysis processes, and then move on to an introduction to the Elastic Stack and the powerful set of tools it offers.
You will then learn essential Kibana features for analyzing security data, followed by an in-depth look at our network and host data sources, including learning about ways to enrich them. You will then learn about threat hunting philosophy, workflow, models, techniques and how it can help improve the effectiveness of a security operations center. All of this will then be followed by a guided hunt exercise to put your new skills to the test.
Note: This course is also available in a classroom environment.
Topics Covered
- Introduction to threat hunting and the Elastic Stack
- Network data
- Host data
- Data enrichment
- Threat hunting
- Guided Hunt
- No prior knowledge of the Elastic Stack required.
- Familiarity with basic networking and network security, as well as logging and incident response concepts
- Laptop with Wi-Fi connectivity
- Mac, Linux, or Windows
- Latest version of Chrome or Firefox (other browsers not supported)
- Disable any ad blockers and restart your browser before class
- Ensure that any VPNs on your laptop are disabled before class
Virtual Classroom Information
Virtual classroom trainings are delivered in four-, six- or eight-hour sessions of live lectures and lab time, with scheduled breaks throughout the session.
Open a specific offering (listed at the top of the page) to see the hours in which it will be held.
We encourage participants to set up their systems prior to logging into the training environment the first day of the class and to be logged in 15 minutes prior to the start of class each day.