Name & Direct Link: Automated Detection with Sigma

Platform: The Taggart Institute

Cost: Free or Pay What You Can

Community: There is a Taggart Institute Discord Server

Topics Include:

• Understanding Sigma Rules
• Using Sigma CLI to Convert a Single Rule
• PySigma Pipelines
• Automation
• Threat Hunting and Detection Engineering
• Atomic Red Team for Log Generation
• Writing You Own Sigma Rules

Name & Direct Link: Introduction to AWS Threat Detection

Platform: LinkedIn Learning

Instructor: Day Johnson

Cost: $34.99

Topics:

• MITRE Cloud Matrix
• Log Analysis in AWS
• CloudTrail Log Analysis
• Investigating Compute Threats
• Investigating IAM Threats
• Investigating Storage Threats
• Investigating Logging and Monitoring Threats
• Amazon GuardDuty

Name & Direct Link: Foundations of Detection Engineering

Platform: LinkedIn Learning

Instructor: Eric Thomas

Cost: $24.99

Proof of Completion: Certificate of Completion

Topics:

• What is Detection Engineering?
• The History of Intrusion Detection
• A Day in the Life of a Detection Engineer
• Career Pathways for Detection Engineers
• Understanding the Adversary
• Detection Lifecycle
• Detection Engineering and Threat Intelligence
• Detection Engineering and the SOC
• Detection Engineering and Incident Response
• Working with SIEM Systems
• Building on Your Detection Skills

Name & Direct Link: Detection Engineering Masterclass: Part 1 and Part 2

Platform: Udemy

Cost: $65 – $85

Course Instructor: Anthony Isherwood

Topics Include:

• Detection Engineering Masterclass Part 1
  • Security Operations
  • Detection Engineering Workflow
  • Technology Stack for Detection Engineering
  • MITRE ATT&CK Framework
  • Lab Setup
  • Elastic
  • Installing and Configuring Sysmon
  • Confirming Zeek Logging with NMAP
  • Attack Scenarios
  • Atomic Red Team
• Detection Engineering Masterclass: Part 2
  • TOML Overview
  • Setting up a Development Environment
  • Working with the Elastic Detection Rules Repo
  • Creating a MITRE Object in Python
  • Elastic API
  • GitHub
  • Metrics

Name & Direct Link: Detection Engineering & Threat Hunting (DE&TH)

Platform: Level Effect

Cost: $399

Proof of Completion: Digital Badge

Community/Forum: There is a Discord server

Topics Include:

• Regular Expressions
• YARA
• Snort
• Sigma
• Log Analysis
• Malware Analysis
• Attack Emulation
• Creating, Testing & Tuning Detections
• Detection-as-Code
• Detection Life Cycle
• The Cloud

Name & Direct Link: Detection Engineering Path

Platform: LetsDefend

Cost: $39.99/month – $359/year

Proof of Completion: Certificate of Completion

Community: There is a LetsDefend Discord server

Student Discount: They have Special Pricing for Students (50% off)

Topics:

• Network Security
• Network Design and Security Products
• Secure Network Design
• Introduction to System Security
• Authentication and Authorization
• Password Management
• Windows System Security
• Linux/Unix System Security
• Bash Scripting
• PowerShell
• Python
• Attack Surface Management
• Cyber Threat Intelligence for Detection
• Vulnerability Management
• XDR/EDR
• SIEM Basics, Installation and Configuration
• SIEM Log Collection and Parsing
• SIEM Alert Generation and Tuning
• SIEM Log Search, Analysis and Reporting
• SOAR

Name & Affiliate Link*: Detection Engineering for Beginners

Platform: TCM Security

Cost: This course is included in TCM Security’s All Access Pass for $29.99/month

Hands-On: Yes

Proof of Completion: Certificate of Completion

Topics: Security Operations, Role Variety, Security Incident and Event Management, The Detection Engineering Workflow, Technology Stack for Detection Engineering, MITRE ATT&CK Framework, Lab Setup, Zeek, Elastic, Sysmon, Testing Sysmon Logging with EICAR File and PowerShell, Custom Detections, Attack Scenarios, Atomic Red Team, TOML, Elastic API, GitHub, Metrics.

*DFIR Diva is an affiliate of TCM Security Academy and receives a small percentage of sales made through affiliate links that go toward keeping the site running.

Name & Direct Link: Detection Engineering With Sigma

Platform: Applied Network Defense

Price: $397

Hands-On: Yes

Topics: Detection Engineering Process, Structure of Sigma Rules, SOC Prime Sigma UI Plugin for Kibana, Sigmac, How to Write Your Own Detection Rules Using Famliliar Log Sources Like Windows Events, Zeek Logs, Sysmon Logs, AWS, CloudTrail Logs and more.

Name & Direct Link: Cyberwox Academy

Community: There is a Cyberwox Academy Discord Server

Lab Projects:

Building a Cybersecurity Homelab for Detection & Monitoring

This is a written tutorial with videos

Topics: Building a Host PC, Installing VMWare, Configuring pfsense Firewall for Network Segmentation & Security, Configuring Security Onion, Configuring Kali Linux, Configuring a Windows Server as a Domain Controller, Configuring Windows Desktops, Configuring Splunk, Configuring Nessus on Kali, Ubunti, CentOS, Metasploitable, DVWA, Vulnhub

Intro to Threat Detection with YARA

Topics: Identifying Basic File IoCs, Creating YARA Rules, yarGen, Arya (YARA Rule Testing)

Azure Cloud Detection Lab Project

Topics: Configure and Deploy Azure Resources (Log Analytics, Virtual Machines, Azure Sentinel), Network and Virtual Machine Security Best Practices, Utilize Data Connectors to bring data into Sentinel for Analysis, Windows Security Event Logs, KQL, Configure Windows Security Policies, Write Custom Analytic Rules to Detect Microsoft Security Events, Utilize MITRE ATT&CK