Jermaine Jackson
FalconForce, Olaf Hartong
Advanced Detection Engineering For Windows
Cody Nelson
August 6 - 9, 32 Credit Hours
Building good analytics and automated detection capabilities requires a detailed understanding of attackers and their known or expected behavior. By understanding the different tools and techniques used by attackers and which indicators can be extracted from them, better detection capabilities can be developed. This process is called Detection Engineering, and it is crucial to being truly effective at discovering attackers in your network.
This instructor-led training covers the entire detection engineering cycle, guiding participants through defining a scope, researching the relevant (sub-)techniques, building the detection analytic, investigating which logs can be utilized, and validating the resilience of the analytic against evasion.
The training is highly interactive and keeps a good balance between theory and a large number of hands-on exercises, so that students become familiar with the detection engineering methodology and are prepared to start implementing it in their organizations. Students are free to decide whether to perform the hands-on exercises using Microsoft Defender for Endpoint or Microsoft Sentinel.
While the hands-on exercises focus predominantly on the endpoint, the methodology can be applied to any part of an infrastructure.
Skills / Knowledge
- Defense
- Forensics
Issued on
August 9, 2022
Expires on
Does not expire