Security Analytics (SecA)
This is the coure “Security Analytics (SecA)” given each winter semester at the Technische Hochschule Rosenheim.
The responsible professor is Prof. Dr.-Ing. Kevin Mayer.
The module SecA introduces the Security Information and Event Management (SIEM) toolchain, a lab environment, and core security analysis skills. Students will work through a fictional cyber security incident, specifically a phishing triage with basic network traffic analysis. The course covers anomaly detection via statistical baselines, threat intelligence integration, and SIEM correlation rule engineering. Students write detection rules for observed indicators. Further, a deep dive into the Incident Response workflow, memory forensics, and introductory malware analysis is conducted. Students produce a full memory and malware analysis report. The course explores Machine-Learning-based log analysis and hypothesis-driven threat hunting. The course ties together the full attack chain attribution, reporting, and dashboard design to give the students a broad skillset for cyber security defense operations.
The lecture concept was awarded with the Lehrförderpreis in 2026.
Labs and reports
The labs happen after each larger module. You have 72 hours to submit the report on Learning Campus. See the due dates and hours in the table below.
Important: You must have submitted at least 3 reports to be eligible for the exam. You may need to revise a report.
Schedule
The lecture is on each WEEKDAY in room B0.08.
There will be a on-site lecture with a connected exercise. You can also prepare in advance using the lecture script.
| Date | What we cover | Exercise | Preparation | Due? |
|---|---|---|---|---|
| DD.MM.YYYY | Course Intro & SIEM Basics | E0 | Section 1.1 SIEM Basics | - |
| DD.MM.YYYY | Log Analysis | E1 | Section 1.2 Log Analysis | - |
| DD.MM.YYYY | Network Trafic Analysis | E2 | Section 1.3 Network Tra!c Analysis | - |
| DD.MM.YYYY | Publish lab 1 material | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | Lab 1 report submission | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | Anomaly Detection | E3 | Section 2.1 Anomaly Detection | - |
| DD.MM.YYYY | Threat Intelligence | E4 | Section 2.2 Threat Intelligence | - |
| DD.MM.YYYY | IOCs and TTPs | E5 | Section 2.3 IoCs and TTPs | - |
| DD.MM.YYYY | Signatures and Correlation Rules | E6 | Section 2.4 Signatures and Correlation Rules | - |
| DD.MM.YYYY | Publish lab 2 material | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | Lab 2 report submission | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | Incident Response | E7 | Section 3.1 Incident Response | - |
| DD.MM.YYYY | Digital Forensics | E8 | Section 3.2 Digital Forensics | - |
| DD.MM.YYYY | Malware Analysis | E9 | Section 3.3 Malware Analysis | - |
| DD.MM.YYYY | Publish lab 3 material | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | Lab 3 report submission | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | Machine Learning for Security | E10 | Section 4.1 Machine Learning for Security | - |
| DD.MM.YYYY | Legal Aspects | E11 | Section 4.2 Legal Aspects | - |
| DD.MM.YYYY | Threat Hunting | E12 | Section 4.3 Threat Hunting | - |
| DD.MM.YYYY | Publish lab 4 material | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | Lab 4 report submission | - | HH:MM:SS (GMT+2) | |
| DD.MM.YYYY | MITRE ATT&CK | E13 | Section 4.4 MITRE ATT&CK | - |
| DD.MM.YYYY | Exam Prep | - | - |