Course Overview

Detection Engineering for Beginners teaches core concepts and skills to start thinking and working as a Detection Engineer!

This course will first teach the theory behind security operations and detection engineering. We'll then start building out our home lab using VirtualBox and Elastic's security offering. Then we'll run through three different attack scenarios, each more complex than the one prior. We'll make detections off of our attacks, and learn how to document our detections. Next we'll dive more into coding and Python by writing validation scripts and learning out to interact with Elastic through their API. Wrapping everything up, we'll host all our detections on GitHub and sync with Elastic through our own GitHub Action automations. As a cherry on top, we'll have a final section on how to write scripts to gather important metrics and visualizations.

This course takes students from A-Z on the detection engineering lifecycle and technical implementation of a detection engineering architecture.


While this course is marketed as entry level, any prerequisite knowledge will help in the courses learning curve. Familiarity with security operations, searching logs, security analysis, or any related skillset will be helpful (but ultimately not required).


Requirements:

The ability to run 2-3 VMs on a local machine:

* Ubuntu Linux

* ParrotOS

* Windows 11


Minimum Requirements:

CPU Cores: 4

RAM: 8gb

Hard Drive Space: 50GB


Recommended Requirements:

CPU Cores: 6+

RAM: 16GB+

Hard Drive Space: 50GB+


You can technically get by with the main host having only a couple cores and 8 gigs of RAM, but any additional resources that can be assigned to your VMs will make the process smoother.


Learning Objectives:

* Understanding of Security Operations

* Understanding of the various log generating systems that Detection Engineers can use

* Learn how to create ad-hoc offensive tests to generate logs for detection creation

* Learn how to work within a testing framework to generate logs for detection creation

* Understanding how to properly document your detections

* Learn how to write your own code to validate your detection documents

* Learn how to use Python to interact with a SIEM's API to push and pull detection data

* Learn to use GitHub Actions to facilitate all our custom checks and API interactions

* Learn how to write your own code to help create detection metrics

Detection Engineering for Beginners Dragon logo

Course Curriculum - 11 Hours

  Introduction
Available in days
days after you enroll
  Theory
Available in days
days after you enroll
  Lab Setup
Available in days
days after you enroll
  Elastic Setup
Available in days
days after you enroll
  Attack Scenario 1
Available in days
days after you enroll
  Attack Scenario 2
Available in days
days after you enroll
  Attack Scenario 3
Available in days
days after you enroll
  Atomic Red Team
Available in days
days after you enroll
  TOML
Available in days
days after you enroll
  Elastic API
Available in days
days after you enroll
  GitHub
Available in days
days after you enroll
  Metrics
Available in days
days after you enroll
  Conclusion
Available in days
days after you enroll
all-access membership wolf logo

This course is included in our
All-Access Membership
starting at $29.99/month

Get full access to the Detection Engineering for Beginners course and our full course catalog when you enroll in our All-Access Pass Membership.

Anthony Isherwood instructor

About the Instructor

My name is Anthony Isherwood. I am a seasoned security professional with past roles in incident response, vulnerability management, SIEM engineering, security architecture, SOC coaching, and consulting. I currently enjoy working as Lead Detection Engineer for a large media company, focusing on detection creation, automation, and adversary emulation.


I have taken red team courses and certs such as TCM's own Practical Ethical Hacking course, VirtualHackingLabs, and obtained the OSCP. In addtion, I also obtained the GIAC Reverse Engineering Malware GREM certification and have a couple lapsed Comptia certs such as the Security+ and CySA+.


I truly love this field! My goal is to enable others to accelerate their growth and enjoy the field as much as I do.


Outside of my professional work, I enjoy lifting in my home gym or playing some games to unwind at night. I have a beautiful family, a wife and son, who always drive me to be the best version of myself I can be. A special shoutout to my wife, who shouldered extra responsibility as I was developing and creating this course!

Frequently Asked Questions


Can I get a refund if I'm unhappy with my purchase?

Yes. All courses come with a 24-hour money-back guarantee.


Will I receive a certificate of completion when I finish a course?

Yes. All courses come with a certificate of completion.


Do the courses count as Continuing Education Units (CEUs)?

Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.

What is the All-Access Pass?

As of July 1st, 2023 TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.


What if you already own courses on TCM Academy?

If you already own a course on our platform, you will continue to own that course forever. Previously owned courses will not be affected by this change.


I can see the course, but it won’t load or play. What should I do?

We use Cloudflare to protect our course platform and unfortunately, it does not play nice with VPNs. If you are experiencing issues, turn off your VPN and try again. If that does not solve the issue, please contact our support team at [email protected] and we will help you out.