Threat Hunting with SIEM
A hands-on threat hunting training course exploring the world of threat hunting within the cybersecurity environment.
80 Hours
Blue Team


The cybersecurity landscape has seen a shift within security teams from reactive incident response to proactive threat hunting. On average, it takes around 200 days to detect a data breach and 70 days to contain a breach. Early detection of these breaches makes a big difference in dwell time and reduces any negative effects an attack may have on the organization. Threat hunting requires knowledge of systems and protocols, an inquisitive nature, and a willingness to think outside the box.

The course covers the following topics:

Introduction and overview
  • Terminology – APT, TTP, Kill chain, Pyramid of pain
  • Threat intelligence – Sources, threat sharing
  • Incident response – Process, tools, and team
The MITRE ATT&CK framework
  • IOCs
  • TTPs
Training tools for attack simulations
  • Atomic Red Team
  • Caldera
Data capture
  • Windows internals
  • WMI
  • PowerShell
Endpoint monitoring, memory analysis
  • Event-ID, logging
  • Services and tasks
  • Malware detection
  • SIEM
    • ELK
    • Splunk
Malware analysis
  • Malware classification
  • Anti-forensics and evasion techniques
  • Detection tools
  • Memory analysis
Network monitoring
  • Traffic analysis
  • Lateral movement artifacts
  • Web shell artifacts
  • Building a timeline

About

CYBERPRO was founded in cooperation with international information security and instruction authorities who bring to Israel world-leading cyber training technologies and a learning experience of the highest standard available today.

The partners include the IITC group which has been training graduates for the high tech industry for over 20 years, and was selected as the training center for the Cisco Company in Israel.

CYBERPRO’s advanced, sought-after training courses in the areas of infrastructures, information security and cyber are world famous. These training courses were developed by some of the best cyber experts in the world, for international security organizations that emphasize the high training capabilities, the professional learning methods and the unique training and practice technologies. Our connection with international groups allows our students to be exposed to unique employment opportunities in Israel and abroad.

The training and learning tracks are all based on extensive hands-on practice and on preparation for the requirements of the industry and the profession, so they include technological labs and practice sessions using one of the most advanced simulators in the world.

    • IT & Cyber professionals
    • Analysts Tier 2
    • CIRT Members
    • Previous knowledge or certification in:
      • The cyber security domain
      • Operating systems and the command line
    • Identification of malicious applications
    • Network forensics
    • Attack identification and detection
    • Advanced usage of forensics tools
    • Advanced knowledge in logging systems and analyzing them