Detection engineering is a method to build and improve your detection capabilities. The Detection Engineering for Windows training brings you up-to-speed in two days.
To help building proper analytics and automated detection capabilities requires an understanding of the techniques and tooling an attacker utilizes, the various options they can use, and what kind of indicators can be extracted from them. This process is called Detection Engineering and it is a *crucial* factor in the whole chain to be truly effective in being able to catch any attacker in your network.
Additional to a solid prevention program, you will have the need for visibility of attacks. This requires developing solid detections. Regardless of the form (a hunt, an alert rule, or some other form of risk-based trigger), detection engineering entails a lot more than randomly digging through data or copy pasting queries you've found on the internet.
This 2-day training focuses on the whole detection engineering cycle, from defining an analytic to researching the relevant techniques to building the detection logic, researching which logs can be utilized and validating its resilience in attempts to bypass it.
Log data obviously has a very important role here; getting to know your data in-depth and understanding what a system can generate will allow you to focus your detective capabilities as well as utilize your data as efficient as possible. After executing multiple variants of an attack, we will examine all available data to see what kind of indicators were generated and which ones are of use with an acceptable false positive rate. This might involve more data than an organization generally onboards. In some cases, the data can be onboarded while in other cases the risk will have to be accepted due to a high volume or false positive rate.
This training consists of several hands-on exercises for the students to get used to the detection engineering methodology and to start implementing this in their organizations.
This training is powered and delivered by FalconForce