The course starts by introducing the concept of the SOC, its structure, processes, and operational tiers. It then covers essential networking fundamentals required for SOC analysts, including protocols, services, and how network traffic is leveraged in cyber attacks.
Participants will gain a comprehensive overview of common and advanced cyber attacks such as IP spoofing, DDoS, DNS poisoning, brute force, privilege escalation, phishing, SQL injection, zero-day attacks, and more — with a focus on how these attacks appear in logs and network traffic.
A major part of the course focuses on SIEM technologies, explaining how SIEM systems work, their capabilities, and how they differ from log management systems. The course provides in-depth training on Splunk, including architecture, data ingestion, SPL searching, reports, dashboards, alerts, lookups, event types, and performance optimization.
Advanced topics include OSINT fundamentals, Threat Intelligence, Incident Response, and the MITRE ATT&CK® framework, with an overview of real-world APT group behaviors.
What you'll learn
The course concludes with intensive hands-on labs, covering:
SIEM-based investigation of APT attacks
Ransomware incident analysis
Log analysis using Splunk
Malware traffic analysis using Wireshark
Learning Outcomes
By the end of this course, participants will be able to:
Perform the role of a junior to mid-level SOC Analyst
Analyze and investigate security incidents using logs
Effectively use Splunk for threat detection and incident response
Map attacks to the MITRE ATT&CK framework
Apply structured incident response methodologies in real-world scenarios
