Elastic Endgame Triage and Response
Learn how to use alert management tools to respond to malicious actions as well as how to hunt for advanced adversary tradecraft.
Course summary
Not every attack is the same, which is why Elastic Endgame gives you detailed explanations for each type of threat and the capability to respond accordingly. This instructor-led course focuses on endpoint detection and response workflows. You will learn how to use alert management tools to respond to malicious actions as well as how to hunt for advanced adversary tradecraft. After completing this course, you will be able to triage and respond to advanced threats, as well as hunt them down in your environment.
- Topics
- Audience
- Duration
- Pre-reqs
- Requirements
Topics
Triage, tune, and investigate
Understand alert management and whitelisting techniques. Leverage Artemis — the Elastic Endgame intelligent assistant — to make your job easier. Learn response actions for eradicating malicious behavior. Explore IOC search using Endgame.
Hunt
Learn how to identify outliers in an environment. Explore advanced tradecraft analytics and how to enumerate malicious activity. Use Artemis and Event Query Language (EQL) to search for and identify “living off the land” techniques as well as advanced adversary tradecraft. Leverage the API for extensibility of the platform and customization of data collection. Utilize the Endgame Shell — a custom python tool built to utilize the API and provide cutting-edge forensic capabilities.
Topics
Audience
Duration
Pre-Reqs
Requirements
See full, ,Private Elastic Endgame Triage and Response, ,schedule
Private Only
This course is only offered privately. Please contact your sales representative or email us at sales@elastic.co to schedule a training.