
Elastic Security Engineer Training

Beginner • Advanced



The Certified Elastic Security Engineer training is focused on implementing and administering ELK in organizations of all sizes. With the increasing number of laptops, desktops, and mobile devices in enterprises, cybercriminals have more opportunities to gain unauthorized access to networks, systems, and data. These sophisticated cybercriminals can easily go undetected and cause severe damage.

By taking the Certified Elastic Security Engineer course, security engineers can detect and respond to threats with complete root-cause analysis. The powerful Elastic SIEM can identify critical threats and protect businesses from insider threats. This course is designed for security analysts and engineers who are familiar with SIEM concepts or have used multiple SIEMs.

The primary objective of this course is to provide in-depth knowledge on how to build an effective SIEM using the Elastic Stack from scratch. Throughout the course, students will learn about log collection methodologies, integration, endpoint agent selection, logging formats, parsing, enrichment, storage, and alerting. We will combine all of the SIEM components to make a flexible, high-performance SIEM solution.

This approach empowers Elastic engineers and analysts to understand the complete system, make the best use of technology purchases, and supplement current underperforming deployments. It also allows organizations to save money on professional services, increase the efficiency of internal employment, and develop a nimbler solution than many existing deployments.

We have a dedicated section that focuses on hunting anomalies in the infrastructure using advanced query search methodologies and identifying advanced persistent threat activities with ELK-Kibana. Candidates will work on both network and application layers to hunt APTs in a simulated environment. By completing this course, they will have the knowledge and skills required to make their organisation's security operations more robust and effective.

What You’ll Learn

  • MDR Foundations, Frameworks and SOC Compliance
  • Elastic Architecture and Implementation
  • Beats and Kibana Internals
  • Log Parsing, Data Mapping & Indexing, IDS Integration and Network Investigations
  • Zeek Internals for defensive operations
  • CAPES for ELK Security
  • Elastic Endgame for SOC Engineers

Training Modules

Managed Detections and SOC foundations
  • Need of MDR in the business
  • Principles of MDR methodologies
  • MDR vs Traditional SIEM solutions
  • MITRE framework for SOC teams
  • How to map MITRE framework within SIEM solutions
  • SOC2 compliance for defensive environments
  • Pyramid of pain and Cyber kill chain for defenders
Elasticsearch Cluster Implementation
  • Detailed understanding of Elastic architecture
  • ELK cluster creation with Cerebro
  • Fundamentals of ELK Curator
  • Index templates for routing, mapping, data retention and optimisation for a production-ready Elasticsearch.
Beats and Kibana Primer
  • Populate the SIEM app with hosts and network security events using Beats.
  • Understand how Elastic Common Schema (ECS) enables SIEM to work with custom and third-party data sources supported by Beats.
  • Configuring Kibana and its AAA policies, visualising data, and maintaining dashboards alongside Elasticsearch.
  • Performing graph analytics, employing machine learning for threat hunting, and alerting for automation.
ELK Log Parsing, IDS and Investigations
  • Understanding the log architecture
  • Traditional parsing vs modern parsing
  • Dual stack SIEM and alerting engine for Elasticsearch
  • Network traffic investigation with fine-grained packet sorting, Berkeley Packet Filters, messaging queue and Google Stenographer for further analysis.
  • How to employ an IDS to support hunt operations.
  • Suricata signature writing and Snort rules for defenders.
  • IDS dashboards within Kibana.

Zeek for Defensive Operations
  • Set up Zeek (formerly Bro)
  • Understanding Zeek data flow
  • Zeek logging, Zeek file types, and Zeek protocol analysis.
  • Exploring Zeek for threat hunting with use cases.
  • Hands-on Zeek scripting
  • Zeek Event Engine for defenders
  • Intel & the Files Framework for defenders

CAPES for SOC teams
  • CAPES foundations for defenders.
  • Perform IR management with CAPES.
  • Exploring the multiple capabilities of CAPES including communication, documentation, VoIP, collaborative workspaces, indicator enrichment, data analysis, and data visualization.
Elastic Endgame for Security Engineers
  • Installation and configuration of Elastic Endgame for detection.
  • Understanding the alert management and whitelisting techniques.
  • Exploring IOC search using Endgame. 
  • Artemis and Event Query Language (EQL) to identify advanced adversary tradecraft.
  • Leveraging the API for extensibility of the platform and customisation of data collection.
  • Utilise the Endgame Shell to explore the cutting-edge forensic capabilities.
Threat Hunting With Elastic Stack
  • Hunting with Windows event logs and Sysmon
  • Hunting with common web server logs and web application logs
  • Hunting with and correlating additional log types – syslog, DNS, firewall, IDS/IPS, etc.
  • How to search logs to find, analyze, and contextualize anomalous/malicious events using ELK
  • How to build and use analytic searches, visualizations, dashboards, automation, and alerting/reporting capabilities
  • How to enrich and correlate logs with GeoIP, threat intelligence feeds, ATT&CK mappings, and other log types
  • Creating Security Dashboards and Alert Automation
  • Capstone: Threat Hunting with ELK CTF
Who Can Apply For The Elastic Security Engineer Training?
  • Individuals holding a bachelor’s degree and demonstrating an enthusiasm for developing advanced proficiencies in ELK Security.
  • Professionals aspiring for career advancement within SOC profiles.
  • Individuals with a bachelor’s degree in an IT-related domain who intend to transition into SIEM Operations.
  • IT Managers with a desire to enhance their expertise in SOC technical tactics through upskilling.
  • Members of the SOC team aiming to elevate and enrich their current skill portfolio.

Self-Paced Training

Self-paced, the ultimate in flexible cybersecurity learning! With unlimited access to your training, you can learn at your own pace, wherever and whenever it’s convenient for you. Our program includes all labs, exercises, and live support from Codefensive subject matter experts to ensure your success. Join us now to take control of your cybersecurity education!

On-Demand Live Training

Join the virtual Codefensive training experience, right from the comfort of your own home! Our industry-leading instructors will deliver interactive courses via live stream, giving you the ultimate in cybersecurity education. Following each class, you’ll have the opportunity to enjoy a keynote from top industry professionals. Choose the ultimate in cybersecurity education and join us today!

Basics of Computer Networks
Basics of Cyber Security
