SOC Analyst Training Course
This intensive 40-day course covers the fundamentals of Security Operations Center (SOC) duties, focusing on monitoring, detection, incident response, and reporting. Each week, students will explore different aspects of SOC operations, followed by practical lab sessions to reinforce their learning. Our curriculum is built to provide a deep understanding of various tools and techniques used in the industry, ensuring students gain practical experience with open-source tools and platforms.
Week 1: Introduction to SOC and Security Monitoring (Days 1-5)
-
Topics Covered:
-
Overview of Security Operations Center (SOC)
-
SOC Roles and Responsibilities
-
Introduction to Security Information and Event Management (SIEM)
-
Setting Up a Lab Environment
-
-
Labs:
-
Setting up VirtualBox/VMware with Wazuh
-
Basic configuration of Wazuh for security monitoring
-
Week 2: Security Information and Event Management (SIEM) - Wazuh (Days 6-10)
-
Topics Covered:
-
Introduction to Wazuh SIEM
-
Log Management and Analysis
-
Configuring Wazuh Agents
-
Customizing Wazuh Rules and Alerts
-
-
Labs:
-
Deploying and configuring Wazuh agents on different systems
-
Creating and customizing Wazuh rules and alerts
-
Analyzing logs and alerts in Wazuh
-
Week 3: Security Information and Event Management (SIEM) - IBM QRadar (Days 11-15)
-
Topics Covered:
-
Overview of IBM QRadar
-
Log Collection and Management in QRadar
-
Creating and Managing QRadar Rules
-
Incident Detection and Response with QRadar
-
-
Labs:
-
Setting up IBM QRadar Community Edition
-
Configuring log sources and collection in QRadar
-
Creating rules and alerts in QRadar
-
Investigating incidents using QRadar
Week 5: Threat Intelligence and Hunting (Days 21-25)
-
Topics Covered:
-
Introduction to Threat Intelligence
-
Threat Intelligence Sources and Platforms
-
Threat Hunting Methodologies
-
Using Threat Intelligence in SOC Operations
-
-
Labs:
-
Integrating threat intelligence feeds into Wazuh
-
Performing threat hunting using Wazuh and Splunk
-
Analyzing threat intelligence data to identify potential threats
-
Week 7: Security Orchestration, Automation, and Response (SOAR) (Days 31-35)
-
Topics Covered:
-
Overview of SOAR Solutions
-
Automation and Orchestration in SOC
-
Implementing Playbooks and Workflows
-
Integrating SOAR with SIEM Tools
-
-
Labs:
-
Setting up and configuring a SOAR platform (e.g., TheHive)
-
Creating and testing automation playbooks
-
Integrating SOAR with Wazuh and QRadar
-
Week 4: Security Information and Event Management (SIEM) - Splunk (Days 16-20)
-
Topics Covered:
-
Introduction to Splunk for SIEM
-
Data Onboarding and Management in Splunk
-
Searching and Reporting in Splunk
-
Creating Alerts and Dashboards in Splunk
-
-
Labs:
-
Setting up Splunk Free version
-
Onboarding data into Splunk
-
Creating searches, reports, and dashboards in Splunk
-
Setting up alerts and monitoring dashboards
-
Week 6: Incident Response and Handling (Days 26-30)
-
Topics Covered:
-
Introduction to Incident Response
-
Incident Response Lifecycle
-
Tools and Techniques for Incident Handling
-
Developing Incident Response Plans
-
-
Labs:
-
Simulating incident response scenarios using Wazuh
-
Using QRadar for incident detection and response
-
Creating and implementing an incident response plan
-
Week 8: Reporting and Compliance (Days 36-40)
-
Topics Covered:
-
Importance of Reporting and Documentation
-
Compliance Standards and Frameworks (e.g., GDPR, ISO 27001)
-
Developing and Presenting Reports
-
Review of Legal and Ethical Issues
-
-
Labs:
-
Generating compliance reports using Wazuh
-
Creating detailed incident reports with QRadar
-
Analyzing compliance requirements and ensuring adherence
-
Enrollment
Ready to take the next step in your cybersecurity career? Enroll in our SOC Analyst course today and become a part of the CX2 Space community.