Edu type:
Course or training
Associate degree (EQF 5), Bachelor (EQF 6), Master (EQF 7), MBO-4/HAVO/VWO (EQF 4)
Start date:
Study Load:
20 hrs
3 days


Learn how to monitor for information security (IS) incidents, detect threats, eliminate false positives, and perform initial incident response.


Blue team analysts are specialists with a wide range of complex goals. Their role is to monitor for threats, quickly determine whether an incident is genuine, and enrich processes with threat intelligence (TI). They do so with lightning efficiency thanks to their knowledge of the fundamentals of the incident response and remediation processes, including threat hunting, network forensics, and malware detonation. Such a comprehensive knowledge base is invaluable when handling emergencies.


Blue teams also possess in-depth knowledge of the threat landscape, which they monitor to collect valuable information and indicators of compromise. By keeping up to date with the latest trends, these specialists help companies handle passive and active threats more quickly and effectively.


Group-IB’s three-day course addresses each of the above-mentioned functions of a Blue Team member.


Key topics covered:

  • Basics of security management and SOC operations
  • Overview of cybersecurity solutions
  • Monitoring and detection: signatures and rules
  • Incident response: network and host analysis
  • Fundamentals of malware analysis
  • Basics of threat intelligence and threat hunting

Skills acquired:

  • Monitoring all solutions to ensure that the organization is secure
  • Quickly assessing security incidents and determining the main features of a cyberattack
  • Supporting threat intelligence and threat hunting processes

Target participants:

  • Technical specialists with experience in information security (IS)
  • Information security specialists
  • SOC/CERT employees

Prerequisites:

  • A basic understanding of security controls and solutions
  • A basic understanding of modern cyber threats
  • Some experience in the field of cybersecurity and cyber threat intelligence (CTI)