Blue Team Detection Studio
Build repeatable detection narratives using Zeek-style datasets, Sigma-style rules, and mentor critique of your activity log entries.
- 8 weeks
- Hybrid studio
- Tuition from KRW 2,480,000
Program narrative
Participants work from curated breach narratives that omit vendor hype in favor of observable signals. You will chain proxy, authentication, and endpoint artifacts into a single story, then defend that story in a short peer panel. The course foregrounds quality standards for evidence handling without turning into policy theater. We also introduce secure handling of lab API tokens so you practice safe secret hygiene early. The pace assumes you can commit roughly eight focused hours weekly outside live sessions.
What you practice
- Synthetic enterprise traffic captures with ground-truth labels
- Rule drafting workshops with line-by-line mentor review
- Activity log templates aligned to escalation workflows
- Purple-team-style critique sessions that stay defensive-first
- Optional weekend deep dives on DNS tunnel patterns
- Cloud lab budget guardrails so you learn without surprise charges
Artifacts you can show
- Publish three detection memos with cited evidence
- Run a cross-org workflow handoff drill with another cohort pair
- Present a false-positive postmortem with measurable tuning notes
FAQ
You will write rules in a safe lab tenant. Production rollout guidance is discussed conceptually only.