SIEM Investigation
SIEM Splice: Investigation Threads That Hold
Investigation drills that reward threading entities across auth, network, and endpoint data without losing the narrative.
- Duration: 3 weeks · blended
- Format: Cohort
- Price (KRW): ₩540,000
- Filters: Foundations · Medium arcs
Overview
Analysts rebuild a storyline from fragmented logs, defend pivot choices, and export a supervisor-ready summary that holds up to scrutiny.
What is included
- ✓ Thread builder canvas inside the lab UI
- ✓ Pivot budget to discourage scatter querying
- ✓ Instructor critiques on narrative gaps
- ✓ Saved search hygiene exercises
- ✓ Entity graph snapshots for handoffs
- ✓ Supervisor summary workshop
- ✓ Optional JSON export for internal wiki
Outcomes
1. Keep investigations readable after a shift change
2. Choose pivots tied to explicit questions
3. Ship summaries stakeholders can act on
Lead facilitator
Jonah Malik
Curriculum strategist translating analyst workflows into measurable labs.
FAQ
Labs run in our hosted workspace. You translate techniques to your environment afterward.
Participant notes
“SIEM Splice made me defend pivots aloud. Painful at first, then clarifying.”