Cyber Security Academy · Lesson

Using Logs and Telemetry

Hunt across data sources.

Data Powers Hunting

A hunt is only as good as the data behind it. Logs and telemetry are the evidence trail attackers leave across systems.

This lesson covers the key data sources and how to hunt across them.

Endpoint Telemetry

Endpoint data is the richest source. Tools like EDR and Sysmon record process creation, command lines, file writes, and registry changes.

Most modern attacks touch an endpoint, so this is where many hunts begin.

Endpoint signals:
  - process creation + command line
  - parent/child process tree
  - file and registry modifications
  - module/DLL loads
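As an added example (not the lesson's own code), the snippet below reconstructs the parent/child process tree from constructed Sysmon Event ID 1 style records and runs one hunt hypothesis over it: "a command interpreter should never appear anywhere beneath a document editor". The field names match Sysmon's process-creation event; the records, GUIDs and the hypothesis itself are assumptions for illustration.

```python
import ntpath

# Constructed sample telemetry using Sysmon Event ID 1 field names; every value is made up.
EVENTS = [
    {"ProcessGuid": "A", "ParentProcessGuid": None,
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "B", "ParentProcessGuid": "A",
     "Image": r"C:\Program Files\Office\WINWORD.EXE", "CommandLine": "WINWORD.EXE /n report.docx"},
    {"ProcessGuid": "C", "ParentProcessGuid": "B",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c ipconfig"},
    {"ProcessGuid": "D", "ParentProcessGuid": "A",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
    {"ProcessGuid": "E", "ParentProcessGuid": "C",
     "Image": r"C:\Windows\System32\ipconfig.exe", "CommandLine": "ipconfig"},
    {"ProcessGuid": "F", "ParentProcessGuid": "Z",  # parent never logged: a telemetry gap
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

def ancestry(guid, by_guid):
    """Image basenames from the root ancestor down to `guid`.
    Stops at a parent that was never logged (telemetry gap) or on a GUID cycle."""
    chain, seen = [], set()
    while guid in by_guid and guid not in seen:
        seen.add(guid)
        chain.append(ntpath.basename(by_guid[guid]["Image"]))
        guid = by_guid[guid]["ParentProcessGuid"]
    return list(reversed(chain))

def hunt(events, child_image, ancestor_image):
    """Hypothesis: `child_image` should not run anywhere beneath `ancestor_image`.
    Returns the ProcessGuids of matching processes in event order (any depth, not just direct child)."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e["Image"]).lower() != child_image.lower():
            continue
        parents = ancestry(e["ParentProcessGuid"], by_guid)
        if any(p.lower() == ancestor_image.lower() for p in parents):
            hits.append(e["ProcessGuid"])
    return hits

if __name__ == "__main__":
    by_guid = {e["ProcessGuid"]: e for e in EVENTS}
    for guid in hunt(EVENTS, "cmd.exe", "WINWORD.EXE"):
        print(guid, " > ".join(ancestry(guid, by_guid)), "|", by_guid[guid]["CommandLine"])
```

Process D is the same binary with the same command-line shape as C but is not flagged, which is the point of hunting on the tree rather than on the image name alone.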
