Endpoint Detection and Response for SOC and IR Teams

To stay ahead of sophisticated attackers, organizations must evolve their cybersecurity strategies beyond prevention-only technologies and reactive processes. Actively hunting for emerging indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) digs deeper and detects stealthy threats that otherwise go unnoticed. Even with advanced tools, organizations struggle with inadequate detection capabilities, gaps in in-house skillsets and other challenges.

This course will help you to:

  • Get familiar with the capabilities of a top-notch endpoint detection tool like Sysmon

  • Leverage an endpoint monitoring environment with Sysmon + ELK stack to correlate, hunt and detect advanced endpoint attacks

  • Develop effective EDR Use Cases

  • Leverage open source live forensics tools to conduct endpoint triage, confirm breaches and extract IoCs

  • Implement effective endpoint response actions to mitigate active attacks

Who should attend:

  • SOC analysts looking to better understand alerts, build the skills necessary to triage events and fully leverage advanced endpoint detection and response (EDR) capabilities

  • Incident Response team members who regularly respond to complex security incidents and intrusions

  • SIEM engineers who work in the development/onboarding of EDR Use Cases and occasionally support the investigation and response to incidents

  • Information security professionals who directly support and aid in responding to data breach incidents and intrusions

Prerequisites:

  • General experience as a SOC analyst or IR team member is nice to have for this course

  • High-level understanding of how a normal Windows system operates

This course will enable you to:

  • Learn and master the EDR techniques and procedures necessary to effectively monitor, detect, and respond to a variety of attacks on endpoints and servers.

  • Detect and hunt unknown live, dormant, and custom malware across multiple Windows devices in an enterprise environment.

  • Recover suspicious files/processes from infected systems and conduct malware analysis.

  • Identify and track malware beaconing outbound to its command and control (C2) channel via network connection artifacts and DNS requests.

  • Discover living-off-the-land techniques, including the malicious use of PowerShell and WMI.

  • Conduct advanced endpoint triage using live-forensics techniques.

  • Identify lateral movement and pivots within your enterprise across your endpoints, showing how attackers transition from system to system without detection.

  • Design effective adversary detection Use Cases using EDR hunt data.

  • Implement effective EDR response strategies to contain attacks and clean the environment.

What you will receive:

  • Access to printed and digital copies of the training materials

  • 1-month access to the virtual EDR lab environment used during this training

  • Certificate of completion

Delivery method:

  • Instructor-led, 5 days online virtual classroom

Supported languages:

  • English

  • Spanish

For more information, get in touch with us using our contact form.

Prague, Czechia

©2020 Falcon Guard. All rights reserved.