Cyber Security SOC Analyst Training - SIEM (Splunk)

Learn the fundamentals required to become a SOC Analyst with over 50 hours of training.

Course Overview
Comprehensive Training

This course aims to equip students with all of the fundamental security operations knowledge and practical skills needed in order to achieve and excel in a L1 or L2 SOC Analyst position. By covering topics such as phishing analysis, incident response procedures, threat detection techniques, log analysis, SIEM management, and security tool utilization, students will gain the essential competencies required to effectively monitor, analyze, and respond to security incidents within a SOC environment.

Hands-On Learning

Students will be able to actively engage with the course material through bite-sized video demonstrations, written materials and references, quizzes to assess comprehension, and practical exercises that simulate real-world scenarios.

Career Preparation

By the end of the course, participants will be proficient in using various common security tools, analyzing security events and artifacts, handling alert tickets, triaging, and responding effectively to incidents within a SOC. Additionally, the course aims to foster critical thinking skills and encourage both proactive and reactive methodologies, which are pivotal for skilled analysts.

Key Topics Covered
1. Core Fundamentals

Security Operations Fundamentals, Phishing Analysis, Network Security Monitoring

2. Advanced Techniques

Network Traffic Analysis, Endpoint Security Monitoring, Endpoint Detection and Response

3. Analysis and Management

Log Analysis and Management, Security Information and Event Management (SIEM), Threat Intelligence

4. Incident Handling

Digital Forensics, Incident Response

System Requirements
Processor

64-bit Intel i5 or i7, 2.0 GHz or higher.

RAM

At least 8 GB (ideally 8-12+ GB) to efficiently run multiple VMs.

Disk Space

80-100 GB of free storage. SSDs are recommended for better performance.

Prerequisites
1. Networking Fundamentals

Basic understanding of TCP/IP and OSI models. Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing. Familiarity with common protocols (e.g., SSH, FTP, HTTP, HTTPS).

2. Operating System Fundamentals

Basic familiarity with Windows and Linux components. Working with the command line and knowledge of basic commands and navigation (e.g., cd, ls, cat). Troubleshooting skills.

3. Basic Information Security Concepts

Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing. Basic security appliances and controls (e.g., firewalls, proxies, VPNs, EDR).

Course Objectives
1. Foundational Knowledge

Understand the foundational principles and practices of security operations.

2. Threat Analysis

Learn techniques for analyzing and identifying phishing attacks. Develop skills in monitoring network traffic for security threats and anomalies.

3. Endpoint Security

Develop skills in monitoring and analyzing security events on individual hosts.

4. SIEM Proficiency

Learn how to effectively use a SIEM for security event correlation, analysis, and incident management.

5. Threat Intelligence

Learn how to leverage threat intelligence to enhance security operations and incident response.

6. Digital Forensics

Develop an understanding of digital forensics processes, common tools, and methodologies.

7. Incident Response

Understand the procedures and best practices for incident response in a SOC environment.

Who Should Take the SOC Course?
Ideal Candidates for the SOC Course

This course is aimed at individuals who are looking to pursue a career in cybersecurity (beginners with basic or little cybersecurity knowledge or experience), specifically focusing on defensive security operations within a Security Operations Center (SOC) environment.


Introduction to the Course
1. Course Introduction

A preview of the course content and structure.

2. Prerequisites and Course Resources

Overview of what you need to know and have before starting the course.

3. Course Discord and Support

A guide on how to access and use the course support channels.

Lab Setup
1. Installing Oracle VM VirtualBox

Guide on setting up the virtualization environment.

2. Installing and Configuring Windows

Setting up the Windows virtual machine.

3. Installing and Configuring Ubuntu

Setting up the Ubuntu virtual machine.

4. Configuring the Lab Network

Setting up the network for your lab environment.

Security Operations Fundamentals
1. The SOC and Its Role

Introduction to Security Operations Centers and their importance.

2. Day in the Life of a SOC Analyst

Overview of what to expect in a typical workday as a SOC analyst.

3. Information Security Refresher

Recap of essential information security concepts.

4. SOC Models and Tools

Multiple lectures covering SOC organizational structures, incident management, metrics, and common tools used in security operations.

Phishing Analysis
1. Introduction to Phishing

Overview of phishing attacks and their impact.

2. Email Fundamentals and Analysis

Multiple lectures covering email basics, phishing attack types, and analysis methodologies.

3. Advanced Analysis Techniques

Lectures on URL analysis, attachment analysis, and using automated tools like PhishTool.

4. Phishing Defense and Reporting

Lectures on reactive and proactive phishing defense strategies, as well as documentation practices.

Network Security
Network Security Theory

Lecture on fundamental network security concepts.

Packet Analysis Tools

In-depth tutorials on using tcpdump and Wireshark for network traffic analysis.

Intrusion Detection and Prevention

Introduction to IDS/IPS systems and hands-on practice with Snort.

Endpoint Security
1. Introduction to Endpoint Security

Endpoint security concepts and importance.

2. Windows Analysis

Multiple lectures covering Windows network, process, registry, and event log analysis.

3. Linux Analysis

Lectures on Linux network, process, and cron job analysis.

4. Endpoint Detection and Response

Introduction to the LimaCharlie EDR tool and hands-on practice.

Security Information and Event Management (SIEM)
1. SIEM Fundamentals

Introduction to SIEM concepts, architecture, and deployment models.

2. Log Analysis

Lectures on log types, formats, and analysis techniques.

3. Splunk Training

Comprehensive tutorials on using Splunk for security event management and analysis.

4. Practical Challenges

Hands-on exercises including a website defacement investigation and a ransomware challenge.

Threat Intelligence
1. Threat Intelligence Fundamentals

Introduction to types of threat intelligence and the threat intelligence cycle.

2. Threat Modeling Frameworks

Lectures on the Diamond Model, Cyber Kill Chain, Pyramid of Pain, and MITRE ATT&CK.

3. YARA Rules

Introduction to YARA and hands-on practice writing YARA rules.

4. Threat Intelligence Platforms

Introduction to MISP (Malware Information Sharing Platform) and practical usage.

Digital Forensics
1. Forensic Fundamentals

Introduction to digital forensics, investigation processes, and chain of custody.

2. Forensic Tools

Hands-on practice with FTK Imager for disk and memory acquisition.

3. Windows Forensics

In-depth analysis of common Windows forensic artifacts.

4. Memory Forensics

Introduction to Volatility and hands-on memory analysis techniques.

Incident Response
1. IR Fundamentals

Introduction to incident response concepts and frameworks.

2. Preparation and Identification

Lectures on preparing for incidents and identifying potential security breaches.

3. Containment and Eradication

Strategies for containing and eliminating threats from compromised systems.

4. Recovery and Lessons Learned

Processes for system recovery and conducting post-incident reviews.

Course Conclusion
Course Wrap Up

Conclusion summarizing the key takeaways from the course.

About the Instructor: Andrew Prince
Experience

Raghav is a seasoned and passionate security professional who brings a wealth of experience in areas such as security operations, incident response, threat hunting, vulnerability management, and cloud infrastructure security.

Background

With a professional background in the telecom and banking industries, Raghav offers a well-rounded perspective on security strategy. Andrew also navigates both offensive and defensive operations to provide a holistic approach to keeping people, processes, and technology secure.

Community Involvement

He is also active in developing various Capture the Flag challenges, creating security training, and sharing knowledge through content creation.

Enroll Now

Begin your path to becoming a skilled SOC Analyst with our comprehensive 50+ hour training program. Gain the knowledge and hands-on experience needed to excel in the cybersecurity field.