Trainings
All the courses proposed below involve a mix of theoretical teaching and practical exercises. Theoretical content comes from the punch Product Documentation. Practical exercises are based on real or training use cases.
The standalone platform is used in all the trainings so as to provide each participant with their own exercise environment. Participants are free and encouraged to bring their own macOS or Linux/Unix laptop. Make sure to check out the standalone platform requirements.
Target Audiences
The various training modules target the following audiences:
- Solution architects and product integrators, in charge of designing solutions, preparing the actual deployments and configurations, and producing platform-specific resources such as end-user context-specific documentations and configuration packages.
- Maintenance in Operational Condition (MOC) teams, in charge of configuration updates, platform upgrades, incident management, problem investigation, patch deployment, access control management.
- Cybersecurity analysts in charge of handling alerts and analyzing event logs (alert investigation/forensics).
- SIEM expert users responsible for configuring alert rules or defining new correlation/specific application development needs.
- Event log parser/normalization/enrichment developers in charge of developing new parsers or improving existing ones, conforming to the defined data model.
- Application developers in charge of designing data analytics applications such as aggregations, extract-transform-load pipelines and machine learning applications, using a mix of off-the-shelf punch modules and nodes and custom ones.
Training Units
The punch training catalog provides training units that can be assembled depending on the target audience and their skills, as required for their role(s).
Each unit comes with delivered material that provides instructions, presentations and exercises. This package also contains trainer instructions so that it can be replayed directly within the same project without further involvement of the punch team.
Here are the various training units together with their short identification code.
| UNIT | SUBJECT |
|---|---|
| HLI | High level introduction, capabilities, features, software and framework components, design and concepts |
| CPA | Channels, punchlines and applications design and basic operation, streams, channel components, PML |
| DPP | Deployment, patching, platform configuration, upgrading |
| ARCH | Scalability, sharding and grouping, high availability; component placement; framework points of attention |
| ADM | Admin tools (alias, mapping, offsets management, housekeeping) and troubleshooting, performance tuning |
| MON | Platform, channels and applications monitoring |
| IKQ | Kibana best practices, querying and ES mappings, automated aggregation |
| CAN | Configuring simple correlation and alerting rules and notifications |
| TIDE | Normalization/data model, threat intel, data enrichment |
| PUN | Punchlang / parsing, enrichment development |
| DEV | Advanced application developer training: custom nodes, stateful correlators |
| AIM | Machine learning, Python PySpark and Spark application design, dealing with models |
Note
The CAN and TIDE units are provided as part of the punch Cybels analytics product offering.
The units dependency relationship is illustrated next. It indicates in which order the units can be provided. It is essential to follow the required units before moving on to the next one.
Info
The punch documentation and training material are to a great extent online. Do not hesitate to follow these tracks on your own. Of course, having a punch trainer will provide more detail and more context on each topic. Check out the online training guide.
Training Sessions Prerequisites
Each training unit requires 3 hours and is conducted through remote sessions. At most 5 attendees are accepted so as to keep the trainings well adapted to the online format.
A Slack access account is set up for each trainee for the duration of the training.
In addition, each unit gives access to a citadel question/answer channel so as to consolidate the skills and topics presented during the online course.
Each trainee must have at his/her disposal, for the duration of the session, a workstation with internet access and the following requirements preinstalled:
- a Chrome or Safari browser
- the Slack desktop application installed, and a trainee account (provided by the training team) pre-tested by the trainee with the training team to ensure instant access at training session time,
- an SSH client with remote X11 forwarding set up, and the capacity to locally display remote X windows (this is to ease editing of remote files during the hands-on training sequences),
- outgoing SSH access allowed to the internet-accessible training platform.
Tip
Trainees are strongly encouraged to use their own personal laptop. The punch training material and standalone platform work fine on any macOS or Linux laptop.
Get in touch with the punch team for the training fees or any additional information regarding the trainings content.
Training Material Conventions
The training material provides exercises, explanations, and of course important references to the rich punch online documentation.
The following highlighting is used throughout the training tracks:
Abstract
Each chapter or track topic is described in here.
Info
All references to online or external documentation are signaled as part of info highlights. For example:
- Punch Programming Reference Guide
- Tuples
Question
Questions you should ask yourself and be able to answer are provided. If anything is unclear to you, make sure you ask the trainer.
Tip
Tips contain the trainer's explanations. The concepts or important points to consider and understand are listed here. The punch training material is designed so that you can, in turn, give it yourself to more teams.
Danger
Common mistakes or misconfigurations are highlighted in these sections.