Perched | Security Education, Consulting, and Support
Security Solutions

Perched Foundations

Perched Foundations


There is a common problem in technology education, in that many skills require so much prior knowledge, that it's difficult to know where to even begin teaching a skill or concept. All of these nested skills quickly pile up and can often make training overwhelming for the student. The Foundations Course solves this problem by teaching Network Security Monitoring (NSM) in a simple way that builds incrementally. The first days lay the common groundwork that will flow into the next higher concept.

Each day in Foundations is designed to be as practical and engaging as possible. Students are provided with an individual system to encourage usage of the platforms throughout the course content.

Network security is a constantly changing space and we focus on keeping our content up-to-date. While learning relevant information, the students also get practical experience with relevant tools, such as version control systems, Linux, command-line text editors, security contexts, and basic system management.


The core strength of the Foundations Course is that it is designed to accommodate a wide range of technical skills and practical experience.


5 Days | 8 hours per day


There are no prerequisites for this course.


  • Mac, Linux, or Windows

  • A modern web browser


Day 1

Linux CLI

This introductory course is designed to equip a student with basic survival skills for the Linux command line. It is not intended to make them an expert, but rather familiarize them enough that Linux isn’t a barrier to their success.


  • Design Principles

  • File System Layout (w/ lab)

  • Using Vim (w/ lab)

  • Viewing Logs (w/ lab)

  • Package Management (w/ lab)

  • Working With Services (w/ lab)

  • SELinux Basics (w/ lab)

  • Linux Administrative Skills (w/ lab)


Day 2

Introduction to Bro

An understanding of Bro is a foundational skill for anyone that wishes to use RockNSM. This course is designed to take an operator or analyst who has never used Bro and bring them up to speed with its capabilities.


  • System Setup

  • What is Bro?

  • Bro Project History

  • Bro vs. Wireshark (w/ lab)

  • Analyzing a packet capture (w/ lab)

  • Running Bro from the Command Line (w/ lab)

  • ASCII Logs Overview (w/ lab)

  • Filtering and Sorting Data (w/ lab)

  • Capture the Flag (w/ lab)


Day 3

Introduction to Kafka

This course will cover what message queuing is all about, how it is used, and why Kafka was chosen for ROCK. This is not a lab-intensive course; it is designed to provide an overview of what is happening in the background with RockNSM.


  • What is a Messaging Queue?

  • Kafka Overview

  • Publishers and Subscribers

  • Topics and Partitions

  • Kafka and RockNSM History

Introduction to the File Scanning Framework

File Scanning Framework (FSF) is an open source project by Emerson Electric that enables recursive file scanning with a combination of YARA rules and programming logic. This course will familiarize students with the tool’s capabilities and provide an overview of YARA rules.


  • Project Overview

  • What is Recursive File Scanning?

  • YARA Rules (w/ lab)

  • Scanning a File (w/ lab)

  • Interpreting Scan Results (w/ lab)

  • Using jq


Day 4

Introduction to the Elastic Stack

Elastic is an open source data company whose products are integral to RockNSM and CAPES. This course will provide an overview of the products offered and an introduction to using the three primary products, commonly known as the Elastic stack.


  • Elastic Company Overview

  • Elasticsearch (w/ lab)

  • Logstash (w/ lab)

  • Kibana (w/ lab)

  • Beats (w/ lab)


Day 5

Introduction to CAPES

CAPES is a scalable, open source and free Security Incident Response Platform, designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. This course is designed to take an operator or analyst who has never used the CAPES technology stack and bring them up to speed with its capabilities.


  • System Setup (w/ lab)

  • What is CAPES?

  • CAPES Services Introduction (w/ lab)

Introduction to Git

Whether you’re organizing config files or deploying an application, modern operations happen using version control systems. Git has quickly become the new standard and learning to get work done in Git is a critical skill for students. This skill will immediately pay off in creating a documentation repository for the entire course.


  • System Setup

  • What is versioning?

  • Git Overview & History

  • Basic CLI usage (w/ lab)

  • External Repositories (w/ lab)

  • GUI Tools (w/ lab)

  • Advanced Usage (w/ lab)

  • Student Docs Repo Lab