
Adversary Tactics - Detection

Nicholas Scoggins

You bought all the latest detection tools, but somehow still can't seem to detect Mimikatz. IT is screaming about the resource consumption from the multitude of security tools on the endpoints, analysts are barely staying afloat in the oceans of data your toolsets have created, and the latest red team report detailed how response actions were ineffective again. If this sounds familiar for your organization, this is the course for you.

We'll walk you through starting with a detection engineering strategy first and then focusing on methodologies to build robust alerting, with the end result of improving detection and response capabilities throughout security operations. This course will provide you with the understanding and ability to build robust detections, starting with the why and going all the way to the technical implementation of detecting threat actor activity. You will learn how to apply the methodologies and technical approaches practiced, regardless of the security toolsets deployed in your organization.

In this course, you will:

  • Learn how to best integrate different components of a detection program for maximum effect
  • Integrate "threat hunting" activity into current detection programs to drive meaningful detection engineering
  • Understand different threat hunting campaign approaches
  • Perform data sensor and data source analysis
  • Understand various MITRE TTPs and threat intelligence
  • Practice standardized processes for developing technical detections
  • Document detection research in standardized formats for use in security operations
  • In technical labs, practice data aggregation and analysis at scale to detect threat actor activity

Skills / Knowledge

  • Defense
  • Forensics

Issued on

August 3, 2021

Expires on

Does not expire