Free Content
Start Learning — No Account Required
Every course on the platform includes free modules that you can access immediately. No email, no registration, no payment. Claude Essentials for Security Professionals is entirely free.
Free modules in every course
The first two modules of every course are free. Start any course below — if you want to continue, subscribe for full access.
Security Automation and Orchestration
SA0: The Automation Problem — why SOCs don't automate, the three automation tiers, confidence thresholds, blast radius assessment. SA1: Sentinel Automation Fundamentals — automation rules, playbooks, your first deployed playbook.
Start SA0 →
Detection Engineering
DE0: The Detection Gap — why 23 analytics rules leave 93% of ATT&CK uncovered. DE1: Detection Rule Architecture — Sentinel analytics rule types, scheduled rules, NRT rules, entity mapping, the rule specification template.
Start DE0 →
Master Incident Triage and First Response
TR0: The Triage Problem — the 60-minute window, hybrid environment mapping, the triage scorecard. TR1: Evidence Volatility — order of volatility across cloud, Windows, and Linux, memory acquisition, preservation decision trees.
Start TR0 →
Practical Incident Response
IR0: Course Introduction — the IR lifecycle, investigation methodology, the Northgate Engineering environment. IR1: Toolkit Setup — KAPE, Eric Zimmerman Tools, Volatility3, your investigation workstation.
Start IR0 →
Practical Linux IR
LX0: The Linux IR Landscape — Linux-specific threats, investigation differences from Windows, the Linux forensic toolkit. LX1: Evidence Collection — live response commands, LiME memory capture, log preservation.
Start LX0 →
Entra ID Security
EI0: Identity Threat Landscape — identity-centric attacks, the Entra ID attack surface. EI1: Sign-In Logs — your identity telemetry, KQL for sign-in analysis, risk detection.
Start EI0 →
Practical Threat Hunting in M365
TH0: The Detection Gap — why threat hunting exists, hunt-to-detection pipeline. TH1: Hunt Methodology — hypothesis-driven hunting, data source mapping, hunt documentation.
Start TH0 →
Mastering KQL
K0: Course Introduction — KQL in the Microsoft security stack, the query development process. K1: How KQL Processes Data — the tabular data model, operator pipeline, query execution.
Start K0 →
M365 Security Operations
Module 0: Course Introduction — the M365 security landscape, Defender XDR architecture. Module 1: Defender XDR — the unified incident queue, investigation workflow.
Start Module 0 →
SOC Operations
S0: Course Introduction — the SOC operational model, roles and responsibilities. S1: SOC Foundations — operational readiness, shift management, escalation frameworks.
Start S0 →
Practical GRC
G0: Course Introduction — what GRC actually is, the operational GRC model. G1: What GRC Is — governance, risk, and compliance as operational capabilities.
Start G0 →
Claude for Security Professionals
C0: Course Introduction — Claude models, capabilities and limitations for security work. C1: AI Security Landscape — how AI fits into security operations.
Start C0 →