SIEM Investigation
Cloud Echo Lab: Identity Lanes in Hybrid Estates
Investigations spanning on-prem AD echoes and cloud identity signals, emphasizing token replay patterns without cloud vendor hype.
- Duration
- 3 weeks · blended
- Format
- Cohort
- Price (KRW)
- ₩610,000
- Filters
- Intermediate · Medium arcs
Overview
Labs stitch together sign-in risk scores, conditional access outcomes, and classic Kerberos artifacts so hybrid teams stop arguing about which console is 'source of truth.'
What is included
- ✓ Hybrid timeline stitching exercises
- ✓ Token replay vs password spray decision trees
- ✓ Break-glass account monitoring drills
- ✓ Instructor maps for common false positives
- ✓ Cross-console correlation worksheets
- ✓ Customer-safe wording for identity incidents
- ✓ Exportable control mapping notes
Outcomes
- 1. Tell a single story across identity consoles
- 2. Separate noisy risk scores from actionable states
- 3. Brief identity engineers with concrete asks
Lead facilitator
Jonah Malik
Curriculum strategist translating analyst workflows into measurable labs.
FAQ
Not inside the lab. Mapping exercises show what to request from your cloud team afterward.
Participant notes
“Cloud Echo Lab finally bridged our on-prem heroes and cloud skeptics with shared worksheets.”
“Wish the Kerberos section was longer, but the correlation worksheets were worth the tuition.”