Threat Hunting with SIEM
A hands-on training course exploring threat hunting within the cybersecurity environment.
80 Hours
Blue Team


The cybersecurity landscape has seen security teams shift from reactive incident response to proactive threat hunting. On average, it takes around 200 days to detect a data breach and 70 days to contain a breach. Early detection shortens dwell time and reduces the damage an attack can do to the organization. Threat hunting requires knowledge of systems and protocols, an inquisitive nature, and a willingness to think outside the box.

The course covers the following topics:


Introduction and overview
  • Terminology – APT, TTP, Kill chain, Pyramid of pain
  • Threat intelligence – Sources, threat sharing
  • Incident response – Process, tools, and team
The MITRE ATT&CK framework
  • IOCs
  • TTPs
Training tools for attack simulations
  • Atomic Red Team
  • Caldera
Data capture
  • Windows internals
  • WMI
  • PowerShell
Endpoint monitoring, memory analysis
  • Event IDs, logging
  • Services and tasks
  • Malware detection
  • SIEM
    • ELK
    • Splunk
Malware analysis
  • Malware classification
  • Anti-forensics and evasion techniques
  • Detection tools
  • Memory analysis
Network monitoring
  • Traffic analysis
  • Lateral movement artifacts
  • Web shell artifacts
  • Building a timeline

SOTERIA Global is a global leader in cybersecurity training solutions and services.

The cyber world is now a part of our everyday life. New technology emerges daily, and as opportunities increase, so do cyber risks. Threats constantly evolve, and we must protect our valuable assets.

A successful cyber defense has many factors, but they all have one thing in common: dedicated, skilled individuals.

SOTERIA Global experts develop our solutions and rely on the best technological assets in the market. Our global presence spans four continents, giving us access to the best cybersecurity professionals.

Our solutions range from customized training programs to developing cyber-oriented facilities, ensuring that individuals and organizations are ready to face real-world threats. Over the years, we have worked with organizations across many sectors, giving us the skillset to shape and adapt our solutions to meet our clients' needs.

  • IT & cyber professionals
  • Tier 2 analysts
  • CIRT members
  • Previous knowledge or certification in:
    • The cybersecurity domain
    • Operating systems and the command line
  • Identification of malicious applications
  • Network forensics
  • Attack identification and detection
  • Advanced usage of forensics tools
  • Advanced knowledge of logging systems and their analysis