FalconForce developed two specialist trainings to help security professionals improve their detection capabilities: one for maximum flexibility with your busy schedule, and one advanced training to go all-in with additional labs and exercises.
Building good analytics and automated detection capabilities requires a detailed understanding of attackers and their known or expected behavior. By understanding the different tools and techniques used by attackers and what indicators can be extracted, better detection capabilities can be developed.
This process is called Detection Engineering, and it is crucial to being truly effective at discovering attackers in your network. The instructor-led trainings focus on the entire detection engineering cycle, guiding participants in defining a scope, researching the relevant (sub-)techniques, building the detection analytic, investigating which logs can be utilized, and validating the resilience of the analytic against evasion.
Detection Engineering For Windows
This training is facilitated in 2 full-day or 4 half-day sessions, and mixes theory and hands-on exercises.
Advanced Detection Engineering for Windows
This training is facilitated in 4 full-day sessions, with even more focus on hands-on exercises.
Students should be familiar with Windows and have basic PowerShell experience. Furthermore, at least some experience with Azure Sentinel and their respective query languages is required. To be able to connect to our lab environment, students should be able to use Microsoft RDP (Remote Desktop Protocol) via the Internet on port 3389 TCP.
Interested in a private training for your organization?