お問い合わせを送信いただきありがとうございます!当社のスタッフがすぐにご連絡いたします。
予約を送信いただきありがとうございます!当社のスタッフがすぐにご連絡いたします。
コース概要
Introduction & Course Orientation
- Course objectives, expected outcomes, and lab environment setup
- High-level EDR architecture and OpenEDR components
- Review of MITRE ATT&CK framework and threat-hunting fundamentals
OpenEDR Deployment & Telemetry Collection
- Installing and configuring OpenEDR agents on Windows endpoints
- Server components, data ingestion pipelines, and storage considerations
- Configuring telemetry sources, event normalization, and enrichment
Understanding Endpoint Telemetry & Event Modeling
- Key endpoint event types, fields, and how they map to ATT&CK techniques
- Event filtering, correlation strategies, and noise reduction techniques
- Creating reliable detection signals from low-fidelity telemetry
Mapping Detections to MITRE ATT&CK
- Translating telemetry into ATT&CK technique coverage and detection gaps
- Using ATT&CK Navigator and documenting mapping decisions
- Prioritizing techniques for hunting based on risk and telemetry availability
Threat Hunting Methodologies
- Hypothesis-driven hunting vs indicator-led investigations
- Hunt playbook development and iterative discovery workflows
- Hands-on hunting labs: identifying lateral movement, persistence, and privilege escalation patterns
Detection Engineering & Tuning
- Designing detection rules using event correlation and behavioral baselines
- Rule-testing, tuning to reduce false positives, and measuring effectiveness
- Creating signatures and analytic content for reuse across the environment
Incident Response & Root Cause Analysis with OpenEDR
- Using OpenEDR to triage alerts, investigate incidents, and timeline attacks
- Forensic artifact collection, evidence preservation, and chain-of-custody considerations
- Integrating findings into IR playbooks and remediation workflows
Automation, Orchestration & Integration
- Automating routine hunts and alert enrichment using scripts and connectors
- Integrating OpenEDR with SIEM, SOAR, and threat intelligence platforms
- Scaling telemetry, retention, and operational considerations for enterprise deployments
Advanced Use Cases & Red Team Collaboration
- Simulating adversary behavior for validation: purple-team exercises and ATT&CK-based emulation
- Case studies: real-world hunts and post-incident analyses
- Designing continuous improvement cycles for detection coverage
Capstone Lab & Presentations
- Guided capstone: full hunt from hypothesis through containment and root cause analysis using lab scenarios
- Participant presentations of findings and recommended mitigations
- Course wrap-up, materials distribution, and recommended next steps
要求
- An understanding of endpoint security fundamentals
- Experience with log analysis and basic Linux/Windows administration
- Familiarity with common attack techniques and incident response concepts
Audience
- Security operations center (SOC) analysts
- Threat hunters and incident responders
- Security engineers responsible for detection engineering and telemetry
21 時間
お客様の声 (4)
The trainer was very knowledgable and took time to give a very good insight into cyber security issues. A lot of these examples could be used or modified for our learners and create some very engaging lesson activities.
Jenna - Merthyr College
コース - Fundamentals of Corporate Cyber Warfare
教師を証明するペンテスターのスキル
Oleksii Adamovych - EY GLOBAL SERVICES (POLAND) SP Z O O
コース - Ethical Hacker
機械翻訳
講師は非常に幅広い知識を持ち、自分の仕事に熱心に取り組んでいます。講師の講義は聞き手の興味を引くものになっています。トレーニングの範囲は私の期待に完全に合致していました。
Karolina Pfajfer - EY GLOBAL SERVICES (POLAND) SP Z O O
コース - MasterClass Certified Ethical Hacker Program
機械翻訳
All is excellent
