
Certified Elastic Security Engineer

The Certified Elastic Security Engineer training focuses on the large-scale implementation and administration of the ELK stack in organisations of all sizes.

With the growing number of laptops, desktops and mobile devices in the enterprise, sophisticated cybercriminals have even more open doors to your networks, systems and data. From these entry points, they often proceed deep and unnoticed.

With the skills taught in Certified Elastic Security Engineer, a security engineer can detect and respond to threats with complete root-cause analysis. Elastic SIEM can identify critical threats and protect the business from insider threats.

Candidates will learn how to leverage Elastic SIEM to drive security operations and threat hunting. This course is designed for security analysts and engineers who have used multiple SIEMs or are familiar with SIEM concepts.

The goal of this course is to provide detailed knowledge of how to build an effective SIEM from the ground up using the Elastic Stack. Throughout the course, students will learn about log collection methodologies and integration. We will cover endpoint agent selection, logging formats, parsing, enrichment, storage, and alerting.

We will combine all of the SIEM components into a flexible, high-performance SIEM solution.

This approach empowers Elastic engineers and analysts to understand the complete system, make the best use of technology purchases, and supplement current underperforming deployments. It also allows organisations to save money on professional services, increase the efficiency of internal staff, and develop a nimbler solution than many existing deployments.

We have a dedicated section on hunting anomalies in the infrastructure using advanced query and search methodologies, and on hunting advanced persistent threat (APT) activity with ELK and Kibana. The candidate will work at both the network layer and the application layer to hunt APTs in a simulated environment.

Certified Elastic Security Engineer

Detailed syllabus

MDR and Elasticsearch foundations

The need for MDR in the business, principles of MDR methodologies, and MDR vs. traditional SIEM solutions. The MITRE framework for SOC teams and how to map it within the SIEM. SOC 2 compliance, the Pyramid of Pain and the Cyber Kill Chain for defenders.

A detailed understanding of the Elastic architecture: cluster creation with Cerebro, fundamentals of Curator, index templates for routing and mapping, and data retention and optimisation for a production-ready Elasticsearch cluster, all practised live.

Beats and Kibana primer

Populate the SIEM app with host and network security events using Beats. Understand how the Elastic Common Schema (ECS) enables the SIEM to work with custom and third-party data sources supported by Beats.

Configuration of Kibana, Kibana AAA policies, visualisation of data, and maintaining dashboards alongside Elasticsearch.

Graph analytics, machine learning for threat hunting, and alerting for automation will also be covered in this module.

ELK log parsing, IDS and network investigations

Understanding the log architecture, traditional parsing, modern parsing, dual-stack SIEM, and an alerting engine for Elasticsearch.

Network traffic investigation with fine-grained packet sorting, Berkeley Packet Filters, message queues, and Google Stenographer for further analysis.

How to employ an IDS to support hunt operations. We will explore signature writing, Suricata vs. Snort, and IDS dashboards within Kibana.

Elasticsearch and Zeek for defenders

Candidates will practise multiple ways to set up Zeek (formerly Bro), and study the Zeek data flow, Zeek logging, Zeek file types, and Zeek protocol analysis.

Exploring Zeek for threat hunting with use cases. Hands-on Zeek scripting, the Zeek event engine, the Intel Framework, and the Files Framework for defenders.

CAPES for Elastic engineers

CAPES foundations for defenders: candidates will explore how to perform incident response (IR) management with CAPES, and its multiple capabilities including communication, documentation, VoIP, collaborative workspaces, indicator enrichment, data analysis, and data visualisation. This module is designed to enhance the engineer's existing skills with the CAPES technology stack and speed up workflows.

Elastic Endgame for engineers

Installation and configuration of Elastic Endgame for detection. Understand alert management and whitelisting techniques. Explore IOC search using Endgame, and use Artemis and the Event Query Language (EQL) to identify advanced adversary tradecraft. Leverage the API for extensibility of the platform and customisation of data collection. Use the Endgame shell to explore its forensic capabilities.

Who should attend this training?
  • Freshers
  • Ethical hackers
  • System Administrators
  • Network Administrators
  • Engineers
  • Web admins
  • Auditors
  • Security Professionals

Why should I take this training?

Multiple organisations are seeking Elastic engineers to enhance their existing cyber security defensive capabilities and to configure and implement Elastic SIEM for their organisation.

Prerequisites of the training?

The person should be familiar with basic computer operations.

What is the duration of the training?

It is an instructor-led online training, and the total duration of the training is 45 hours.

TESTIMONIALS

What People Are Saying

Today I've completed my one-to-one online training by Mr Naresh sir from Certcube Labs.
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowledgeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.

Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 star training. Naresh is the best. He made me zero to hero in 3 months' time. A little bit expensive compared to others, but totally worth it.

Ravi S

Cyber Security Consultant, Red Hawk

We're Here To Help!

Office

3500, 1st Floor, Raja Park, New Delhi - 110034

Hours

M-S: 10am - 11pm