Edu type:
Course or training
Associate degree (EQF 5), Bachelor (EQF 6), Master (EQF 7), MBO-4/HAVO/VWO (EQF 4)
Start date:
Study Load:
20 hrs
3 days


Learn how to monitor for IS incidents, detect threats, eliminate false positives, and perform initial incident response.


About this event

Please register with your corporate email!


Blue team analysts are specialists with a wide range of complex goals. Their role is to monitor for threats, quickly determine whether an incident is genuine, and enrich processes with TI. They do so with lightning efficiency thanks to their knowledge of the fundamentals of the incident response and remediation processes, including threat hunting, network forensics, and malware detonation. Such a comprehensive knowledge base is invaluable when handling emergencies.


Blue teams also possess an in-depth knowledge of the threat landscape, which they monitor and where they collect valuable information and indicators of compromise. By keeping up to date with the latest trends, the specialists help companies handle passive and active threats quicker and more effectively.


Group-IB’s three-day course addresses each of the abovementioned functions of a Blue Team member.


Key topics covered:

  • Basics of security management and SOC operations
  • Overview of cybersecurity solutions
  • Monitoring and detection: signatures and rules
  • Incident response: network and host analysis
  • Fundamentals of malware analysis 
  • Basics of threat intelligence and threat hunting


After this course you'll be able to:

  • Monitor all solutions to ensure that the organization is secure
  • Quickly assess security incidents and determine the main features of a cyberattack
  • Support threat intelligence and threat hunting processes


Target participants:

  • Technical specialists with experience in IS
  • Information security specialists
  • SOC/CERT employees 



  • A basic understanding of security controls and solutions
  • A basic understanding of modern cyber threats
  • Some experience in the field of cybersecurity and CTI 


Why Group-IB?

Experience in international investigations

Our training courses are based on 1,200+ successful investigations worldwide.


Technical expertise

All courses are led by GCFA-, EnCE- and MCFE-certified experts.


Practicing experts

The course instructors are current Group-IB specialists, which translates to the most up-to-date and first-hand information for course participants.


Continuously updated program

Course materials are regularly updated with new cases from Group-IB’s experience, which ensures that the course program always reflects the latest trends.


If you have any questions, please contact us: