- Course
OS Analysis with HELK
HELK provides machine learning and graph analysis to world class windows log collection and analysis across your enterprise not found in other tools, for free! In this course, you will learn to hunt adversary activity on endpoints using HELK.
Intermediate
- Course
OS Analysis with HELK
HELK provides machine learning and graph analysis to world class windows log collection and analysis across your enterprise not found in other tools, for free! In this course, you will learn to hunt adversary activity on endpoints using HELK.
Intermediate
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Security
What you'll learn
Though many cyber attack techniques can be effectively and heuristically identified by analyzing the endpoint logs, there are surprisingly few capabilities that focus solely on parsing windows logs and OS data and providing a platform to perform advanced statistical analysis. In this course, OS Analysis with HELK, you’ll cover how to utilize Hunt ELK to detect adversary endpoint attack techniques in an enterprise environment. First, you’ll see the gap that HELK fills with Windows event log analysis. Next, you'll explore how to operate the advanced hunt features provided by HELK. Finally, you’ll learn how to analyze a live dataset to hunt for adversary activity. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: Kerberoasting T1208, Bits Jobs T1197, and indicator removal on hosts T1070 using HELK.
OS Analysis with HELK
Intermediate
Table of contents
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation.