Course Outline
Introduction and Course Orientation
- Course objectives, expected outcomes, and lab environment setup.
- Overview of EDR architecture and OpenEDR components.
- Review of the MITRE ATT&CK framework and threat-hunting fundamentals.
OpenEDR Deployment and Telemetry Collection
- Installing and configuring OpenEDR agents on Windows endpoints.
- Managing server components, data ingestion pipelines, and storage considerations.
- Configuring telemetry sources, normalizing events, and enriching data.
Understanding Endpoint Telemetry and Event Modeling
- Exploring key endpoint event types, fields, and their mapping to ATT&CK techniques.
- Implementing event filtering, correlation strategies, and noise reduction techniques.
- Generating reliable detection signals from low-fidelity telemetry.
Mapping Detections to MITRE ATT&CK
- Translating telemetry into ATT&CK technique coverage and identifying detection gaps.
- Utilizing ATT&CK Navigator and documenting mapping decisions.
- Prioritizing techniques for hunting based on risk profiles and telemetry availability.
Threat Hunting Methodologies
- Comparing hypothesis-driven hunting with indicator-led investigations.
- Developing hunt playbooks and establishing iterative discovery workflows.
- Conducting hands-on hunting labs to identify patterns of lateral movement, persistence, and privilege escalation.
Detection Engineering and Tuning
- Designing detection rules using event correlation and behavioral baselines.
- Testing and tuning rules to minimize false positives while measuring effectiveness.
- Creating reusable signatures and analytic content for the organization.
Incident Response and Root Cause Analysis with OpenEDR
- Using OpenEDR to triage alerts, investigate incidents, and construct attack timelines.
- Collecting forensic artifacts, preserving evidence, and maintaining chain-of-custody protocols.
- Integrating findings into IR playbooks and remediation workflows.
Automation, Orchestration, and Integration
- Automating routine hunts and alert enrichment using scripts and connectors.
- Integrating OpenEDR with SIEM, SOAR, and threat intelligence platforms.
- Addressing operational considerations for scaling telemetry and data retention in enterprise deployments.
Advanced Use Cases and Red Team Collaboration
- Simulating adversary behavior for validation through purple-team exercises and ATT&CK-based emulation.
- Analyzing case studies from real-world hunts and post-incident reviews.
- Designing continuous improvement cycles to enhance detection coverage.
Capstone Lab and Presentations
- Guided capstone exercise: conducting a full hunt from hypothesis through containment and root cause analysis using lab scenarios.
- Participant presentations of findings and recommended mitigations.
- Course wrap-up, distribution of materials, and recommended next steps.
Requirements
- A solid understanding of endpoint security fundamentals.
- Experience with log analysis and basic administration of Linux and Windows operating systems.
- Familiarity with common attack techniques and incident response concepts.
Target Audience
- Security Operations Center (SOC) analysts.
- Threat hunters and incident responders.
- Security engineers focused on detection engineering and telemetry management.
Testimonials (2)
Clarity and pace of explanations
Federica Galeazzi - Aethra Telecomunications SRL
Course - AI-Powered Cybersecurity: Advanced Threat Detection & Response
It did give me the insight that I needed :) I am starting teaching on a BTEC Level 3 qualification and wanted to widen my knowledge in this area.