Skill Path

Host-Based Detection

Skill Path

Host-Based Detection extends the Log Analysis skillset to detecting suspicious events in the context of servers and workstations. This skill path is designed to provide you with a general understanding of Host-Based Detection in the context of a SOC Analyst work role. Upon completing the skill path, you will earn a Credly digital badge that will demonstrate to employers that you’re ready for the job.

Start Course

Start Path for Free

Path Releasing Q2 2025

Full access included with

Insider Pro

and

Teams

9

H

40

M

Time

Intermediate

i

Experience Level

5500

6

i

CEU's

Enrollees

Learners at 96% of Fortune 1000 companies trust Cybrary

About this Skill Path

In this skill path, you will learn about the basics of Host-Based Detection for SOC Analysts, Endpoint Detection and Response (EDR) tools, execution and persistence in Windows, and local and domain-based authentication in Windows.

Completing this skill path and the associated Assessment will prepare you for pursuing a career as a SOC Analyst. Upon completing this skill path, you are encouraged to enroll in the complete SOC Analyst career path.

Skill Path Outline

Coming Soon

The Incident Response Skill Path is expected to release in Q2 of 2025. Sign up now to explore our other Incident Response courses and content.

Start Learning for Free

1

Learn

Learn core concepts and get hands-on with key skills.

VIRTUAL LAB

Host Detection Basics

In this course, you will learn the basics of host-based detection and analysis. You will learn about host monitoring strategies, relevant host data, visibility, and content access techniques, as well as types of detection logic.

VIRTUAL LAB

EDR Basics

300

In this hands-on lab, you will learn the basics of Endpoint Detection and Response tools. You will practice using the Wazuh EDR to install an agent on a Windows endpoint and detect simulated attacks aligned to the MITRE ATT&CK framework.

VIRTUAL LAB

Execution in Windows

600

In this hands-on lab, you will learn the basics of process analysis and Windows execution. You will practice using Process Explorer and a SIEM to analyze information from collected process dumps.

VIRTUAL LAB

Persistence in Windows

600

In this hands-on lab, you will learn the basics of persistence in Windows. You will practice generating data that is representative of common persistence mechanisms, then use a SIEM to identify indicators of persistence.

VIRTUAL LAB

Local Authentication in Windows

600

In this hands-on lab, you will learn about local authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a user account has logged on and logged off, including the type of authentication.

VIRTUAL LAB

Domain Authentication in Windows

600

In this hands-on lab, you will learn about domain-based authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a domain user account has logged on and logged off, including the type of authentication.

Show All 20 Items

2

Practice

Exercise your problem-solving and creative thinking skills with security-centric puzzles

CHALLENGE

Process Profiles in Courage

500

In this hands-on challenge, you practice profiling a suspicious process on a Windows system.

CHALLENGE

Certificate of Authenticity

500

In this hands-on challenge, you will practice analyzing log events related to Windows authentication.

Show All 20 Items

3

Prove

Assess your knowledge and skills to identify areas for improvement and measure your growth

ASSESSMENT

Host Based Detection

1500

Test your Host-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses in areas like EDR, process analysis, and authentication.

Show All 20 Items

4

Train Your Team

Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.

Cybrary For Business

Instructors

Jennifer Barnabee

Course Manager at Cybrary

Read Full Bio

Garret Donaldson

Lab Architect

Read Full Bio

Joseph White

Lab Architect

Read Full Bio

Instructors

Get Hands-on Learning

Put your skills to the test in virtual labs, challenges, and simulated environments.

Measure Your Progress

Track your skills development from lesson to lesson using the Cybrary Skills Tracker.

Connect with the Community

Connect with peers and mentors through our supportive community of cybersecurity professionals.

Success from Our Learners

"Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

Don Gates

Principal Systems Engineer/SAIC

"Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

Cory

Cybersecurity analyst/

"I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

Mike

Security Engineer and Pentester/

Don Gates

Principal Systems Engineer/SAIC

Cory

Cybersecurity analyst/

Mike

Security Engineer and Pentester/

"Becoming a Cybrary Insider Pro was a total game changer. Cybrary was instrumental in helping me break into cybersecurity, despite having no prior IT experience or security-related degree. Their career paths gave me clear direction, the instructors had real-world experience, and the virtual labs let me gain hands-on skills I could confidently put on my resume and speak to in interviews."

Cassandra

Information Security Analyst/Cisco Systems

"I was able to earn both my Security+ and CySA+ in two months. I give all the credit to Cybrary. I’m also proud to announce I recently accepted a job as a Cyber Systems Engineer at BDO... I always try to debunk the idea that you can't get a job without experience or a degree."

Casey

Cyber Systems Engineer/BDO

"Cybrary has helped me improve my hands-on skills and pass my toughest certification exams, enabling me to achieve 13 advanced certifications and successfully launch my own business. I love the practice tests for certification exams, especially, and appreciate the wide-ranging training options that let me find the best fit for my goals"

Angel

Founder,/ IntellChromatics.

Frequently Asked Questions

Who is this for?

This skill path is part of Cybrary’s complete SOC Analyst career path, and is intended for learners who wish to focus their efforts specifically on Host-Based Detection. This includes current early- to mid- career IT practitioners looking to transition into a cybersecurity role. Experienced defensive security practitioners will also benefit from reviewing core concepts and testing their skills in this path's Challenge and Assessment modules.

‍

This is some text inside of a div block.

Button Text

Join over 3 million cybersecurity professionals advancing their career

or sign up with

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Begin the System Administrator Collection for Free Today

If you want to pursue a career in system administration, begin Cybrary’s System Administrator Collection today. This collection is the perfect way to build your IT knowledge and prepare for your dream IT or cybersecurity job.