Host-Based Detection extends the Log Analysis skillset to detecting suspicious events in the context of servers and workstations. This skill path is designed to provide you with a general understanding of Host-Based Detection in the context of a SOC Analyst work role. Upon completing the skill path, you will earn a Credly digital badge that will demonstrate to employers that you’re ready for the job.
Learners at 96% of Fortune 1000 companies trust Cybrary
In this skill path, you will learn about the basics of Host-Based Detection for SOC Analysts, Endpoint Detection and Response (EDR) tools, execution and persistence in Windows, and local and domain-based authentication in Windows.
Completing this skill path and the associated Assessment will prepare you for pursuing a career as a SOC Analyst. Upon completing this skill path, you are encouraged to enroll in the complete SOC Analyst career path.
The Incident Response Skill Path is expected to release in Q2 of 2025. Sign up now to explore our other Incident Response courses and content.
Learn core concepts and get hands-on with key skills.
In this course, you will learn the basics of host-based detection and analysis. You will learn about host monitoring strategies, relevant host data, visibility, and content access techniques, as well as types of detection logic.
In this hands-on lab, you will learn the basics of Endpoint Detection and Response tools. You will practice using the Wazuh EDR to install an agent on a Windows endpoint and detect simulated attacks aligned to the MITRE ATT&CK framework.
In this hands-on lab, you will learn the basics of process analysis and Windows execution. You will practice using Process Explorer and a SIEM to analyze information from collected process dumps.
In this hands-on lab, you will learn the basics of persistence in Windows. You will practice generating data that is representative of common persistence mechanisms, then use a SIEM to identify indicators of persistence.
In this hands-on lab, you will learn about local authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a user account has logged on and logged off, including the type of authentication.
In this hands-on lab, you will learn about domain-based authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a domain user account has logged on and logged off, including the type of authentication.
Exercise your problem-solving and creative thinking skills with security-centric puzzles
In this hands-on challenge, you will practice profiling a suspicious process on a Windows system.
In this hands-on challenge, you will practice analyzing log events related to Windows authentication.
Assess your knowledge and skills to identify areas for improvement and measure your growth
Test your Host-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses in areas like EDR, process analysis, and authentication.
Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.
Put your skills to the test in virtual labs, challenges, and simulated environments.
Track your skills development from lesson to lesson using the Cybrary Skills Tracker.
Connect with peers and mentors through our supportive community of cybersecurity professionals.
This skill path is part of Cybrary's complete SOC Analyst career path and is intended for learners who wish to focus their efforts specifically on Host-Based Detection. This includes current early- to mid-career IT practitioners looking to transition into a cybersecurity role. Experienced defensive security practitioners will also benefit from reviewing core concepts and testing their skills in this path's Challenge and Assessment modules.