Detection Engineering with Sigma


Design, test, and operationalize real-world detections using Sigma and Windows telemetry.

Course ID: ADL-DET-001
Format: Mini-Course
Category: Detection Engineering
Skill Level: Foundational → Intermediate
Tools & Platforms: Sigma, Hayabusa, Splunk, Windows Telemetry


Course Overview

Detection Engineering with Sigma is a hands-on course focused on building high-quality, behavior-based detections from real Windows event data. Rather than relying on signatures or tool-specific alerts, this course teaches analysts how to design detections, grounded in real attack patterns, that hold up in production SOC environments.

What You’ll Do in This Course

By the end of this course, you will be able to:

  • Write and reason about Sigma rules using Windows event logs
  • Test detections offline using Hayabusa
  • Validate and tune detections in Splunk
  • Reduce noise and false positives through better detection logic
  • Build correlation-based detections for attacks that unfold over time
  • Understand how detections are planned, tested, refined, and operationalized

Threat & Technique Coverage

This course focuses on detecting common attacker behaviors, including:

  • Event log clearing
  • Lateral movement via PsExec
  • LSASS credential dumping
  • Brute-force and password spray attacks
  • Multi-stage attacks using correlation rules

Who This Course Is For

This course is ideal for:

  • SOC analysts looking to move beyond alert consumption
  • Blue team practitioners learning detection engineering fundamentals
  • DFIR analysts who want to better understand how detections are built and validated

No prior Sigma experience is required. Basic familiarity with Windows logs and SIEM concepts is helpful but not mandatory.

Hands-On Lab Environment

You’ll have access to a browser-based lab environment containing:

  • Windows event logs for analysis
  • Offline detection testing with Hayabusa
  • SIEM validation using Splunk

All tooling and data required for the exercises are provided.

What You’ll Walk Away With

After completing this course, you’ll have:

  • Practical experience writing and validating Sigma detections
  • A clear understanding of detection engineering workflows
  • A foundation for building higher-quality, behavior-based detections in your own environment

This course is designed to help analysts start thinking like detection engineers, not just alert responders.

Course Content

Course Introduction
Online Lab VM
Module 1 – Introduction to Sigma Rules
Conclusion and Next Steps