Catalogue · MOD-DEF-04

SOC Expertise: Threat Hunting & IR

You can operate a SOC; now it is about taking the initiative. This demanding module trains you in proactive threat hunting, incident response and detection-as-code — threat-informed defence.

Defence (Blue) · Expert · 6 bricks · 10 labs · 21.8 h · 5 real cases

Objectives

• Deploy an advanced detection stack
• Hunt threats informed by ATT&CK
• Conduct incident response
• Write detections-as-code (Sigma)

Module bricks