SOC Analyst Training Course

Domain 1 : Security Terminologies, OS Basics & Network Fundamentals

• Why do we need Security?
• CIA Triad
• Concept of AAA
• Hacking Concepts
• Types of Hackers
• Domains of Security
• Ethical Hacking Phases
• Types of Attacks
• Network Fundamentals
  • NOC vs SOC
  • The OSI Model
  • Network Devices
  • Network Tools – Firewall, IDS, IPS, VPN, Switches, Routers
  • Ports and Services
  • Conducting a Port Scan with Nmap [Practical]
• Windows Operating System Fundamentals [Practical]
  • Investigating Windows Operating System
  • Windows Event Logs
  • Windows Registry
  • Scheduled Tasks
  • File Analysis
  • SysInternals Suite
  • Command Prompt
  • Sysmon (System Monitor)
• Linux Operating System Fundamentals [Practical]
  • Linux Directory Services
  • Most useful Linux Commands in SOC
  • Events Logs in Linux
  • Linux System Services

Domain 2: Blue Team Operations Architecture

• Why do we need SOC?
• What is SOC?
• Functions of SOC
• SOC Models & Types
• SOC Teams & Roles
• Incidents vs Events
• True vs False Incident Categories
• Concept of Logging
  • Local Logging vs Centralized Logging
• Log Management & Log Analysis
  • Log Management needs
  • Concept of Log Analysis
  • Web Server Logs
  • Firewall Logs
  • SSH Logs
  • Windows Event Logs
  • Using Regex for Log Analysis [Practical]
• SOC Workflow: ITSM Workflow
• ITSM Tools: Service Now, JIRA, BMC, Request Tracker, etc.

Domain 3 : SIEM – Nervous System of SOC

• Why do we need SIEM?
• What is SIEM?
  • Security Information Management (SIM)
  • Security Event Management (SEM)
• SIEM guidelines and architecture
• SIEM Capabilities: Aggregation, Correlation, Reporting, Storage, Alerts, etc.
• Using Splunk [Practical]
  • Section Introduction
  • Installing Splunk
  • UI Navigation
  • Search Queries using SPL
  • Creating Alerts & Dashboard

 Domain 4: Importance of Threat Intelligence

• What is Threat?
• Why do we need Intelligence?
• Introduction to Threat Intelligence
• Threats, Threat Actors, APTs & Global Campaigns
  • Network Level Threats
  • Web App Level Threats
  • Host Level Threats
• IOCs vs IOA vs Precursors
• Traffic Light Protocol (TLP)
• Pyramid of Pain [Practical]
• Collecting Threat Intelligence [Practical]
  • Paid vs Open-Source Intelligence Gathering
• Types of Threat Intelligence
  • Strategic Threat Intelligence
  • Operational Threat Intelligence
  • Tactical Threat Intelligence
  • Technical Threat Intelligence
• Enhanced Detection with Threat Intelligence
• Maltego, MISP, STIX, TAXII, etc. [Practical]

Domain 5: Basics of Incident Response & Forensics

• Forensics Fundamentals
  • File Systems
  • Hard Disk Drive Basics
  • Forensics Process [Practical]
  • Digital Evidence and Handling
  • Order of Volatility
  • Chain of Custody
  • Hashing & Integrity
• Email Forensics
  • How Electronic Mail Works
  • Anatomy of an Email
  • What is Phishing?
  • Types of Phishing
    • Spear Phishing
    • Whaling
    • Impersonation
    • Typosquatting and Homographs
    • Sender Spoofing
    • URL Shortening
    • Business Email Compromise
• Analysing Phishing Emails [Practical]
  • Analysing Artifacts
  • Red Flags of Phishing Emails
  • URL Reputation
  • File Reputation
  • SPF
  • DKIM
  • DMARC
  • Manual & Automated Analysis
• Incident Response
  • Introduction to Incident Response
  • What is an Incident Response?
  • Why is IR Needed?
  • Incident Response Lifecycle – NIST SP 800 61r2
  • Incident Response Plan: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Lessons Learned
  • Incident Response and Security Operations Integration
  • Case Study: Cyber Kill Chain in Incident Response
  • Lockheed Martin Cyber Kill Chain
    • What is it, why is it used ?
    • Case Study: Monero Crypto-Mining
  • MITRE ATT&CK Framework [Practical]
    • What is it, why is it used ?
    • Matrices in Mitre
    • Mapping Data with Mitre
    • Case Study 1: APT3
    • Case Study 2: OilRig

• Technical Support Engineers
• System Administrators
• Security Consultants
• Cyber Security Analysts
• Network Engineers
• Network Architects or Admin
• Security System Engineers
• SOC Analysts (L1 & L2)
• Information Security Researcher
• Entry-level Information Security role
• Anyone Who wants to become SOC Analyst

Basic Knowledge of:

• Networking fundamentals
• OS basics & Troubleshooting is recommended
• Basics of Information Security
• Basics of Cyber World & Security
• Beginner or Fresher for SOC Operations Centre
• Working on Information Security Role

This course is not directly linked to any exam. However, the course curriculum provides in-depth training and expertise for participants to qualify any SOC exam or interview to become seasoned SOC Analysts.

• Understand the core principles of Information Security, including confidentiality, integrity, availability, non-repudiation, and managerial, technical, and operational security controls.
• Gain expertise in Security Operations Center (SOC) workflows, roles, and technologies to monitor and manage cyber threats effectively.
• Master the techniques for identifying and mitigating cyber threats like malware, ransomware, and Advanced Persistent Threats (APTs).
• Develop proficiency in vulnerability assessment and management, covering the complete lifecycle from asset identification to risk mitigation.
• Acquire hands-on experience in log management and analysis using tools like Splunk to detect anomalies and secure infrastructure.
• Build advanced skills in malware analysis, digital forensics, and incident response to investigate, contain, and remediate sophisticated cyber attacks.