Incident Response with Elastic Security


Incident response

Modern organizations increasingly face the challenge of responding to complex cybersecurity incidents — from malware infections to targeted attacks and APT operations. To effectively counter such threats, it is not enough to simply have the tools — one must understand the attacker’s mindset and know how to use available security systems in practice.

The Incident Response with Elastic Security course is an intensive three-day hands-on training where participants learn how to analyze incidents, detect attack techniques, and respond effectively using Elastic Security (SIEM and EDR). It’s a unique combination of a cyber range, technical education, and digital forensics, realistically simulating the entire incident-handling process — from detection to post-incident investigation.

Knowledge of Incident Response is essential not only for SOC and CERT teams, but also for IT professionals, system and network administrators, and anyone responsible for cybersecurity. Understanding attack logic, analyzing traces, and interpreting telemetry from EDR and SIEM enables faster response, stronger defense, and reduced operational downtime.


Training Objectives

The goal of the training is to prepare participants for effective incident response using Elastic Security.


Participants will learn to:
• Identify and analyze adversary activity
• Classify attack techniques based on MITRE ATT&CK
• Conduct forensic investigations and post-incident analysis
• Make informed decisions during the Incident Response process
• Use SIEM and EDR for detection, correlation, and response


Practical Exercises

The foundation of the course is a Cyber Range — a realistic simulation environment built to replicate an enterprise IT infrastructure, including servers, Active Directory services, and Windows / Kali Linux workstations.

Participants carry out step-by-step attack scenarios based on Threat Intelligence, applying real APT techniques such as:
• Discovery (Network, Active Directory)
• OS Credential Dumping (LSASS, SAM)
• Privilege Escalation and Lateral Movement
• Web Shell Deployment and Remote Exploitation

Each phase of the attack is monitored in real time within Elastic SIEM and EDR, enabling participants to understand how threats are detected, correlated, and analyzed by enterprise-grade systems.

All attack scenarios are explained and executed using the Cyber Soldier Breach and Attack Simulation (BAS) educational platform, helping participants grasp advanced offensive (hacking) and defensive techniques.


Training Outcome

Participants learn not only how to detect and respond to incidents, but also how to understand the logic of attacks and effectively apply incident response methodologies — from identification and analysis to containment, eradication, and reporting.

By combining theory with hands-on practice in the Elastic Security environment, participants gain the skills to detect threats faster, perform deeper investigations, and mitigate real-world attacks more effectively.

The forensic exercises are based on real, multi-stage incidents observed in actual corporate breaches, ensuring realism and practical learning.
Participants perform realistic attack simulations using the Cyber Soldier BAS platform, which provides a safe and interactive environment for replicating the full attack chain.


Trainer and Course Author Competencies

The Incident Response with Elastic Security training environment and materials were developed by a team of experts with advanced offensive and defensive cybersecurity credentials, validated by globally recognized certifications:

/ Offensive Competencies /
• OffSec Experienced Penetration Tester (OSEP)
• OffSec Web Expert (OSWE)
• OffSec Certified Professional (OSCP+)
• AWS Red Team Expert (ARTE)
• EC-Council Certified Ethical Hacker (CEH) Master

/ Defensive Competencies /
• ISC² Certified Information Systems Security Professional (CISSP)
• EC-Council Certified Chief Information Security Officer (CCISO)
• Certified SCADA Security Architect
• AWS Certified Security – Specialty


Materials and Certification

Each participant receives:
• Access to the Elastic Security (SIEM & EDR) environment
• Individual access to the Cyber Soldier BAS platform
• A complete set of training materials and attack scenarios
• A certificate confirming course completion and acquired skills


Learn more

The full training agenda and exercise details are available in the brochure:

INCIDENT RESPONSE with ELASTIC SECURITY PDF