SOC Level 1

Download PDF version
  • 4 Days Course
  • Language: English

Introduction:

Take your SOC analyst skills to the next level with four full days of intensive live training, labs, and challenges designed to build the foundational skills essential for success in defensive security operations. This course provides deep, practical coverage of monitoring, detection, analysis, and incident response across key areas including phishing, network security, endpoint protection, SIEM management, threat intelligence, and DFIR (Digital Forensics and Incident Response).

By the end of the training, you’ll have a comprehensive understanding of Security Operations Center functions and investigative techniques—developed through real-world scenarios that reflect the demands placed on today’s SOC professionals.

This course includes an Exam Vouchers for TCM Security’s Practical SOC Analyst Associate (PSAA) certification. Each exam voucher includes 1 exam attempt and is valid for 12-months from the course completion date.

Objectives:

Security Operations Fundamentals
Phishing Analysis
Network Security Monitoring
Network Traffic Analysis
Endpoint Security Monitoring
Endpoint Detection and Response
Log Analysis and Management
Security Information and Event Management (SIEM)
Threat Intelligence
Digital Forensics
Incident Response

Course Outline:

Day 1

  • Class Introduction
  • Lab Access, Setup, and Configuration
  • Understanding the SOC
  • Understanding Phishing Attacks and Techniques
  • Email Analysis
  • URL Analysis
  • Attachment Analysis
  • MalDoc Analysis
  • Phishing Defenses
  • Ticket Challenge – Walkthrough and Break
  • Understanding Packets and Flows
  • Network Traffic Analysis with TCPDump
  • Network Traffic Analysis with Wireshark
  • Ticket Challenge

Day 2

  • Understanding Endpoint Security
  • Windows – Hunting Malicious Network Connections
  • Windows – Hunting Malicious Processes
  • Live IR with SysInternals and Autoruns
  • Windows – Understanding Core Processes
  • Windows – Hunting Persistence
  • Ticket Challenge – Walkthrough and Break
  • Linux – Hunting Malicious Network Connections
  • Linux – Hunting Malicious Processes
  • Linux – Understanding Core Processes
  • Linux – Hunting Persistence
  • Ticket Challenge – Walkthrough and Break
  • Understanding the SIEM
  • Common Attack Signatures
  • Command Line Log Analysis
  • Ticket Challenge

Day 3

  • Splunk Introduction
  • Search Processing Language
  • Search Commands
  • Reporting, Alerting, and Dashboards
  • Investigating Intrusions with Splunk
  • Deploying Forwarders
  • Ticket Challenge – Walkthrough and Break
  • Understanding Threat Intelligence
  • Threat Intelligence Frameworks
  • MITRE ATT&CK
  • Ticket Challenge – Walkthrough and Break
  • Detecting Malware with YARA
  • Reading and Writing YARA Rules
  • Ticket Challenge

Day 4

  • Understanding Digital Forensics Investigations
  • Disk Image Acquisition with FTK Imager
  • Memory Acquisition with FTK Imager
  • Ticket Challenge – Walkthrough and Break
  • Windows Forensic Artifacts
  • Forensic Image Analysis with Autopsy
  • Memory Analysis with Volatility
  • Ticket Challenge – Walkthrough and Break
  • The Incident Response Process
  • Training Wrap-Up

Enroll in this course

Select a start date for your 4 Days course

This product is currently out of stock and unavailable.

Questions About This Course?

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

Contact Us

© 2023 Cloud Skills Now. All Rights Reserved

USD United States (US) dollar
CAD Canadian dollar