Winter Semester · TH Rosenheim

Security Analytics (SecA)

TH RosenheimWinter SemesterProf. Dr.-Ing. Kevin Mayer

Security Analytics (SecA)

This is the coure “Security Analytics (SecA)” given each winter semester at the Technische Hochschule Rosenheim.

The responsible professor is Prof. Dr.-Ing. Kevin Mayer.

The module SecA introduces the Security Information and Event Management (SIEM) toolchain, a lab environment, and core security analysis skills. Students will work through a fictional cyber security incident, specifically a phishing triage with basic network traffic analysis. The course covers anomaly detection via statistical baselines, threat intelligence integration, and SIEM correlation rule engineering. Students write detection rules for observed indicators. Further, a deep dive into the Incident Response workflow, memory forensics, and introductory malware analysis is conducted. Students produce a full memory and malware analysis report. The course explores Machine-Learning-based log analysis and hypothesis-driven threat hunting. The course ties together the full attack chain attribution, reporting, and dashboard design to give the students a broad skillset for cyber security defense operations.

The lecture concept was awarded with the Lehrförderpreis in 2026.

Labs and reports

The labs happen after each larger module. You have 72 hours to submit the report on Learning Campus. See the due dates and hours in the table below.

Important: You must have submitted at least 3 reports to be eligible for the exam. You may need to revise a report.

Schedule

The lecture is on each WEEKDAY in room B0.08.

There will be a on-site lecture with a connected exercise. You can also prepare in advance using the lecture script.

Date What we cover Exercise Preparation Due?
DD.MM.YYYY Course Intro & SIEM Basics E0 Section 1.1 SIEM Basics -
DD.MM.YYYY Log Analysis E1 Section 1.2 Log Analysis -
DD.MM.YYYY Network Trafic Analysis E2 Section 1.3 Network Tra!c Analysis -
DD.MM.YYYY Publish lab 1 material - HH:MM:SS (GMT+2)
DD.MM.YYYY Lab 1 report submission - HH:MM:SS (GMT+2)
DD.MM.YYYY Anomaly Detection E3 Section 2.1 Anomaly Detection -
DD.MM.YYYY Threat Intelligence E4 Section 2.2 Threat Intelligence -
DD.MM.YYYY IOCs and TTPs E5 Section 2.3 IoCs and TTPs -
DD.MM.YYYY Signatures and Correlation Rules E6 Section 2.4 Signatures and Correlation Rules -
DD.MM.YYYY Publish lab 2 material - HH:MM:SS (GMT+2)
DD.MM.YYYY Lab 2 report submission - HH:MM:SS (GMT+2)
DD.MM.YYYY Incident Response E7 Section 3.1 Incident Response -
DD.MM.YYYY Digital Forensics E8 Section 3.2 Digital Forensics -
DD.MM.YYYY Malware Analysis E9 Section 3.3 Malware Analysis -
DD.MM.YYYY Publish lab 3 material - HH:MM:SS (GMT+2)
DD.MM.YYYY Lab 3 report submission - HH:MM:SS (GMT+2)
DD.MM.YYYY Machine Learning for Security E10 Section 4.1 Machine Learning for Security -
DD.MM.YYYY Legal Aspects E11 Section 4.2 Legal Aspects -
DD.MM.YYYY Threat Hunting E12 Section 4.3 Threat Hunting -
DD.MM.YYYY Publish lab 4 material - HH:MM:SS (GMT+2)
DD.MM.YYYY Lab 4 report submission - HH:MM:SS (GMT+2)
DD.MM.YYYY MITRE ATT&CK E13 Section 4.4 MITRE ATT&CK -
DD.MM.YYYY Exam Prep - -