Intermediate · 6 weeks
Threat Hunting & Detection
A blue-team-first course on building detection content that holds up in production. You'll work with realistic telemetry and learn to write rules and hunt hypotheses that stay useful as your environment changes.
Blue Team · DFIR
[ modules ]
- 01 Telemetry sources: EDR, Sysmon, cloud audit logs
- 02 Authoring Sigma and YARA at scale
- 03 Hunt loops and hypothesis-driven investigation
- 04 Measuring detection efficacy over time
[ outcomes ]
- Author detections that hold up against real activity
- Run repeatable, well-documented threat hunts
- Tune noisy environments without losing visibility