Detection Engineering Masterclass: Part 2
Published 7/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.89 GB | Duration: 5h 28m
Detection Engineering Zero to Hero
What you'll learn
Understand how to write detection documentation
Ability to automate document validation
Learn GitHub actions to validate documents automatically
Write Python scripts to sync up the detection library with the SIEM
Write Python scripts to create metrics
Requirements
Completion of "Detection Engineering Masterclass: Part 1"
Basic understanding of Python
Description
Welcome to the Detection Engineering Masterclass: Part 2!
Don't purchase if you haven't gone through Part 1!
Two Part Course Overview
This course will first teach the theory behind security operations and detection engineering. We'll then start building out our home lab using VirtualBox and Elastic's security offering. Then we'll run through three different attack scenarios, each more complex than the one prior. We'll make detections off of our attacks, and learn how to document our detections. Next we'll dive more into coding and Python by writing validation scripts and learning how to interact with Elastic through their API. Wrapping everything up, we'll host all our detections on GitHub and sync with Elastic through our own GitHub Action automations. As a cherry on top, we'll have a final section on how to write scripts to gather important metrics and visualizations.
This course takes students from A-Z on the detection engineering lifecycle and the technical implementation of a detection engineering architecture.
While this course is marketed as entry level, any prerequisite knowledge will help with the course's learning curve. Familiarity with security operations, searching logs, security analysis, or any related skillset will be helpful (but ultimately not required).
Part Two Overview
This is part two of a two part series on Detection Engineering! This course is meant to kickstart anyone interested in security analysis, detection engineering, and security architecture. The first part is the meat of the course, where we will go over:
Detection Engineering Theory
Setting Up our Lab
Working with Logging and our SIEM
Running Attack Scenarios to generate logs and create alerts
Learning how to use Atomic Red Team for testing
The second part deals with detection as code philosophies, which will be very Python and GitHub heavy (but don't worry! I'll walk you through everything step by step.)
By the end of this two part course, you'll have a full stack detection engineering architecture. You'll be able to:
Run offensive tests
Review the logs
Make alerts
Save alerts using a standardized template
Enforce template data through code
Programmatically push the alerts to the SIEM
Run periodic metrics off the detection data
The entire course runs ~11 or so hours in length, but should take ~20-40 hours to complete fully. All code written will be available on the course GitHub in case you'd like to skip the Python heavy sections.
Requirements
The ability to run 2-3 VMs on a local machine:
Ubuntu Linux
ParrotOS
Windows 11
Minimum Requirements
CPU Cores: 4
RAM: 8GB
Hard Drive Space: 50GB
Recommended Requirements
CPU Cores: 6+
RAM: 16GB+
Hard Drive Space: 50GB+
You can technically get by with the main host having only a couple of cores and 8 gigs of RAM, but any additional resources that can be assigned to your VMs will make the process smoother.
Thanks for stopping by!
Overview
Section 1: TOML
Lecture 1 TOML Overview
Lecture 2 Setting up a Development Environment
Lecture 3 Reviewing Elastic Rule TOML
Lecture 4 Working with the Elastic Detection Rules Repo
Lecture 5 Validating TOML Syntax Using Taplo
Lecture 6 Creating an Elastic TOML Template
Lecture 7 Enforcing TOML Required Fields
Lecture 8 Working with Multiple TOML Files
Lecture 9 Creating a MITRE Object in Python
Lecture 10 Validating MITRE Data in our TOML - Part 1
Lecture 11 Validating MITRE Data in our TOML - Part 2
Lecture 12 Converting and Validating our Detections
Section 2: Elastic API
Lecture 13 Introduction
Lecture 14 Obtaining your API Key
Lecture 15 Pushing a Sample Rule
Lecture 16 Writing a TOML to JSON Script
Lecture 17 GET'ing Our First Rule and Managing Rule IDs
Lecture 18 Working our Custom Detections
Lecture 19 Updating our Custom Detections
Section 3: GitHub
Lecture 20 Overview
Lecture 21 GitHub Actions Introduction
Lecture 22 Uploading our Detections and Code
Lecture 23 Creating our TOML Validation Action
Lecture 24 Enforcing Validation Checks
Lecture 25 Syncing with Elastic - Part 1
Lecture 26 Syncing with Elastic - Part 2
Section 4: Metrics
Lecture 27 Overview
Lecture 28 Converting our TOML to CSV
Lecture 29 Converting our TOML to MD
Lecture 30 Converting our TOML to ATT&CK Navigator JSON
Lecture 31 Creating our Metrics GitHub Action
Lecture 32 Creating Status Badges
Section 5: Conclusion
Lecture 33 Conclusion
security analysts, incident responders, detection engineers, cyber security college students