Detection Engineering Demystified

Short Course

Detection Engineering Demystified

Automate and improve your organization’s threat detection capabilities with detection engineering.

5.0

from 22+ reviews

4 Hours of video content

Advanced

Certificate of Completion Included

Overview What You Will Learn Curriculum Instructor

Course Overview

Creating and managing your custom detections can get complex quickly. You want to make sure you have a reliable and repeatable process for this workflow before you have too many detections to maintain.

In this course, you will be introduced to a full detection-as-code workflow. You will learn how to develop and craft detections from threat intelligence. You will understand how to use Sigma, an industry-standard detection documentation format, and the MITRE ATT&CK Framework, used to understand and categorize threat actor tools, techniques, and procedures. Next, you will gain experience with using a git repository and a CI/CD pipeline for collaboration and automation of your detections. Automation options will be examined for deployment, tuning, retirement, testing, and validation of custom detections.

By the end of the course, you will be able to implement a full cradle-to-grave detection lifecycle using automation, version control, and wiki-based documentation.

What You Will Learn

Learn how to design and create custom detections.
Explore the Detections-as-code workflow.
Manage automated deployment of custom detections.
Gain knowledge on automated validation of custom detections.
Gain information on CI/CD pipeline for detection automation.
Discover how to track detection coverage with MITRE ATT&CK.

Program Curriculum

High-level Overview of Course
Creating a Detection
Interpreting Threat Intelligence for Detections
Chapter 1 Quiz

Sigma Detection Format
YARA Rule Format
Introduction to MITRE ATT&CK
Using ATT&CK for Detection Engineering
Chapter 2 Quiz

Using Git Crash Course
Azure DevOps Overview and Setup
Setting up Git Repository
Using Azure DevOps Markdown Wiki
Chapter 3 Quiz

Splunk Brief Introduction
Using the Splunk API
Creating Saved Searches with the Splunk API
Automating Detection Deployment from Wiki Files
Chapter 4 Quiz

Installing Splunk Forwarder
Creating a Manual Detection Test
Adding Test Cases to Detection Documentation
Automating Execution of Detection Test Cases
Chapter 5 Quiz

Brief Introduction to Pipelines
Setting Up an Azure DevOps Pipeline
Integrating the Pipeline into the Detection Repository
Getting Validation Results from Pipeline Report
Chapter 6 Quiz

MITRE ATT&CK introduction
Using MITRE ATT&CK Navigator
Adding Layers to ATT&CK Navigator
Automating Layer Creation from Custom Detections
Chapter 7 Quiz

Load more modules

Instructor

Glenn Barrett

Glenn Barrett has spent over 10 years working for a Fortune 100 company doing incident response, threat hunting, and detection engineering. He has also been an adjunct instructor at a local college, teaching offensive security in several courses in the bachelor's degree program.

Glenn has designed and implemented a detection-as-code workflow from scratch in an enterprise environment and understands the struggles and roadblocks that may arise with this type of process.

Buy this course now

$99.99

Get Immediate access for one year today!

Upgrade to Pro Plans and Get Full Access Today!

Get this course, along with 700+ courses and 50+ learning paths and more in one subscription. Learn more

Unlock All Access

Plans start from $33/mo. Cancel anytime.

Join over 1 Million professionals from the most renowned Companies in the world!

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans

Annual Plans

Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering video-based learning with 840+ courses and diverse Learning Paths to enhance your skills.

^$ 69.00

Billed monthly or $599.00 billed annually

Get Started Now

Start your 7-day trial for $1

What is included

840+ Premium Short Courses
70+ Structured Learning Paths
Validation of Completion with all courses and learning paths
New Courses added every month

Early Access Offer

Pro +

Experience immersive learning with Practice Labs and CTF Challenges for comprehensive skill-building.

^$ 79.00

Billed monthly or $699.00 billed annually

Get Started Now

Start your 7-day trial for $1

Everything in Pro and

1400+ Practice Lab exercises with guided instructions
150+ CTF Challenges with detailed walkthroughs
New Practice Labs and Challenges added every month

Related Courses

Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

Short Course

Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

Vulnerability Assessment and Pentesting

The comprehensive course to secure & crack WEP/WPA/WPA2 key and perform MITM attack from scratch using Kali Linux 2.0.

The comprehensive course to secure & crack WEP/WPA/WPA2 k...

$69.99

Intermediate

5 hr 12 m

Hello
Bootstrap 4 Quick Website Bootstrap Components Course

Short Course

Bootstrap 4 Quick Website Bootstrap Components Course

Software Development

Explore the basics of Bootstrap and learn to create a website in 4 easy steps

Explore the basics of Bootstrap and learn to create a website...

$49.99

Beginner

1 hr 30 m

Hello
CCNA - Understanding Routers and Switches

Short Course

CCNA - Understanding Routers and Switches

Security Architecture and Operations

A comprehensive guide to understanding the in-depth functioning of routers and switches for the preparation of CCNA Exam.

A comprehensive guide to understanding the in-depth functioni...

$49.99

Intermediate

2 hr 0 m

Hello
The Complete Full-Stack JavaScript Course

Short Course

The Complete Full-Stack JavaScript Course

Software Development

Learn full-stack web development using JavaScript (ReactJS, NodeJS, LoopbackJS, Redux and Material-UI)!

Learn full-stack web development using JavaScript (ReactJS, N...

$79.99

Beginner

24 hr 17 m

Hello
React.JS for Ecommerce: Building a Store with React.JS

Short Course

React.JS for Ecommerce: Building a Store with React.JS

DevSecOps

From React.js Fundamentals to Crafting an Online Storefront

From React.js Fundamentals to Crafting an Online Storefront

$49.99

Advanced

3 hr 30 m

Hello
CISSP Certification Domains 5, 6, 7, and 8 Video Training

Short Course

CISSP Certification Domains 5, 6, 7, and 8 Video Training

Cybersecurity

This course is ideal for individuals who desire to pass the Information Systems Security Professional CISSP Certification Exam and want to gain more insight and knowledge around IT, Information, and Cyber Security from a management/senior leader perspective.

This course is ideal for individuals who desire to pass the I...

$69.99

Intermediate

6 hr 30 m

Hello
Helm 3 - Package Manager for Kubernetes

Short Course

Helm 3 - Package Manager for Kubernetes

Software Development

A must tool for every DevOps engineer

A must tool for every DevOps engineer

$49.99

Intermediate

1 hr 27 m

Hello
Learn Ethical Hacking by Hacking Real Websites Legally

Short Course

Learn Ethical Hacking by Hacking Real Websites Legally

Vulnerability Assessment and Pentesting

Fun way to learn ethical hacking by playing online hacking games - hacking real websites legally

Fun way to learn ethical hacking by playing online hacking ga...

$69.99

Beginner

4 hr 18 m

Hello