Call us on:

Threat Hunting and Advanced Analytics Course

Learn how to start or accelerate advanced, strategic hunting operations in your organization

Course Summary

Come join us for a unique threat hunting course taught by real practitioners! This course is fully immersive, weaving theory and practice into each day. The learning environment has been carefully crafted to maximize learning, discovery, and fun; and the content has been curated from years of hands-on hunting operations catching advanced attackers.

This course is ideal for those who are looking to up-level their security analysis skills, to understand the role of big data analytics in security, or to view data analysis from a cyber intelligence perspective. This course is also great for those in more program or people management roles, such as those looking to establish or optimize a threat hunting program, those unsure about the value of endpoint telemetry, or front-line managers of security analysis, DFIR, or threat hunting teams.

You will learn in-depth strategy related to hunting for advanced attackers on your network. Find out what hunting really is and how you can make the most effective use of it in your security organization. No matter your size or maturity level, we will equip you to hunt advanced threats that are easily missed by traditional security processes.




Denver, CO, USA




Certificate focused training seems to be all about the goal of passing an exam. The focus is on key points that will likely come up on the test when there is so much information. The instructors for this course were all about empowering the students with relevant, real-world knowledge and experience to help them improve and advance in skills and understanding. I especially like how much hands-on activity there was with enough time to review and ask questions....

- David Rojas, Security Analyst

Lots of hands-on-keyboard time; for me the best way to learn is by doing. It was clear the instructors are experts in their fields and that they have spent a lot of time practicing what they are preaching.

- Ben Downing, Security Analyst

The relaxed atmosphere really helped sustain an environment of learning. Brian and Kris came into the course prepared and technical issues were almost non-existent. I came away from this course with good working knowledge of sysmon, log aggregators, Kibana and Splunk. Brian and Kris are excellent instructors and bounce ideas off each other and the class. Discussion was open-ended and always open for critique or debate, creating a great environment for learning. Nice to see this kind of behavior in an otherwise defensive, secretive industry.

- Jamis Eichenauer, Product Support Engineer


This course is developed and taught by Brian Concannon and Kris Merritt, who are real practitioners of what you'll learn in class.

Course Deliverables

Who Should Attend

The strategic and tactical nature of the content presented in this course is particularly suited for SOC analysts, DFIR practitioners, data analysts, and the managers who support them.


Threat hunting was born out of necessity. No longer do security practitioners fully depend on passive monitoring solutions to detect advanced threats to your networks and data. And not all hunting is equal. The best requires the right data + the right tools + the right people, actuated by intuitive processes.

We have used this model to discover the most advanced attackers in the Fortune 500, government, NGOs, and SMBs. The average attacker dwell time on our protected networks were minutes to hours, not months.

We have a compelling desire to equip people up and down the chain with the knowledge and skills they need to execute a fully developed, fully engaged hunting program.

Course Topics

What is Cyber Threat Hunting?

  • Why is it needed?
  • How does it fit into your overall security program?

Hunting Methodologies

  • Behavioral patterns vs. signatures
  • Where cyber threat intelligence can best help...and where it can't
  • How your hunting process can work like an OODA Loop

Hunting Patterns

  • What are they?
  • Approaching hunting from a data analytics perspective
  • The pattern lifecycle and feedback loop
  • Development of patterns and hunting triggers
  • Where the MITRE ATT&CK framework fits in

Tooling and Enablement

  • Endpoint sensors / logging
  • Sensor data / log aggregation
  • Analytics with Splunk
  • Analytics with Elastic Search

Operationalized Hunting

  • Operations tempo
  • 24/7 coverage
  • Enablement team
  • OODA loop
  • Minimum hunting threshold
  • Tiered alerting
  • Pattern development / curation
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form
We would love to help you.
Get in touch with us to discuss your situation.