Security Operations Center (SOC) Analyst

About Course

This course prepares participants to work effectively in a modern Security Operations Center. It focuses on real-time monitoring, analysis, and response to security incidents using SIEM platforms, threat intelligence feeds, and standardized operating procedures. It aligns with professional certifications standards and gives learners a strong foundation in cybersecurity operations and incident detection.

25 modules and 12 lab projects

Understand SOC structures, analyst roles, and responsibilities
Master the security incident lifecycle and analyst tiering
Work with IOC, TTP, and threat intelligence concepts
Identify and analyze log sources from firewalls, IDS/IPS, and endpoints
Build and use SOC playbooks and runbooks
Deploy and configure open-source SIEM platforms (Wazuh, Splunk)
Normalize logs, create correlation rules, and fine-tune alerts
Detect threats using MITRE ATT&CK framework
Conduct threat hunting and malware triage activities
Perform incident escalation, documentation, and case handling
Coordinate with IR and forensic teams during investigations
Utilize EDR tools and advanced monitoring dashboards
Simulate real-world attacks in blue vs. red team scenarios

Course Content

Part 1: Introduction to SOC Operations

Module 1: SOC Structures, Roles, and Responsibilities
Module 2: Security Incident Lifecycle & Analyst Tiers
Module 3: Introduction to Threat Intelligence and IOC/TTP Concepts
Module 4: Log Sources: Firewalls, IDS/IPS, Endpoints, and Servers
Module 5: Understanding SOC Playbooks and Runbooks

Part 2: Log Analysis and SIEM Fundamentals

Part 3: Threat Detection and Investigation

Part 4: Incident Response and Escalation

Part 5: Advanced Monitoring and Blue Teaming

Student Ratings & Reviews

No Review Yet

Security Operations Center (SOC) Analyst

About Course

What Will You Learn?

Course Content

Part 1: Introduction to SOC Operations

Module 1: SOC Structures, Roles, and Responsibilities

Module 2: Security Incident Lifecycle & Analyst Tiers

Module 3: Introduction to Threat Intelligence and IOC/TTP Concepts

Module 4: Log Sources: Firewalls, IDS/IPS, Endpoints, and Servers

Module 5: Understanding SOC Playbooks and Runbooks

Part 2: Log Analysis and SIEM Fundamentals

Module 1: Introduction to SIEM: Architecture and Purpose

Module 2: Log Collection and Normalization Techniques

Module 3: Event Correlation and Alert Generation

Module 4: Hands-on Labs with Open-Source SIEM (e.g., Wazuh or Splunk)

Module 5: Use Case Creation and Alert Tuning

Part 3: Threat Detection and Investigation

Module 1: Identifying Common Attack Patterns (MITRE ATT&CK)

Module 2: Indicators of Compromise and Behavioral Analysis

Module 3: Hands-on Threat Hunting Exercises

Module 4: Analyzing Alerts and Investigating Incidents

Module 5: Malware Analysis Basics for SOC Analysts

Part 4: Incident Response and Escalation

Module 1: Introduction to Incident Response Frameworks (NIST, SANS)

Module 2: Documentation and Case Management in a SOC

Module 3: Escalation Procedures and Stakeholder Communication

Module 4: Coordinating with Digital Forensics and IR Teams

Module 5: Post-Incident Reporting and Root Cause Analysis

Part 5: Advanced Monitoring and Blue Teaming

Module 1: Advanced Threat Detection Techniques

Module 2: Endpoint Detection and Response (EDR) Tools

Module 3: Threat Intelligence Integration in SIEM

Module 4: Creating Dashboards and Reports for SOC Visibility

Module 5: Blue Team vs. Red Team Exercises and Simulations