Program Highlights
The SOC (Security Operations Center) Analyst training curriculum has been carefully crafted to provide aspiring and present SOC Analysts with a thorough knowledge of SOC operations and processes. Learn to recognize and respond to information security incidents, create and track security events like alerts, and conduct security investigations. Learn tools like Splunk and Security Onion.
- 32-Hour LIVE Instructor-led Training
- Highly Customized Training
- Hands-on Labs
- Scenario-based Learning on Latest Tools
- Hands-on exam to get certified
- Career Guidance and Interview Prep
- Post Training Support
- Access to Recorded Sessions
Learning Schedule
- upcoming classes
- corporate training
- 1 on 1 training
19 Oct - 10 Nov | Online | Weekend | 09:00 - 13:00 IST | BATCH OPEN |
Why Choose Our Corporate Training Solution
- Upskill your team on the latest tech
- Highly customized solutions
- Free Training Needs Analysis
- Skill-specific training delivery
- Secure your organizations inside-out
Why Choose 1-on-1 Training
- Get personalized attention
- Customized content
- Learn at your dedicated hour
- Instant clarification of doubt
- Guaranteed to run
Can't Find a Suitable Schedule? Talk to Our Training Advisor
SOC Analysts play a crucial position in today’s security teams since they are on the front lines of cyber defense, identifying and responding to cyber threats as they occur.
The InfosecTrain’s SOC Analyst training course is specifically created for aspiring and current SOC Analysts who want to learn how to prevent, identify, assess, and respond to cybersecurity threats and incidents. The course is the first level of a course series that includes Level 1-SOC Analyst and Level 2-SOC Specialist, and is specifically designed to assist you in mastering over trending and in-demand technical abilities to carry out numerous sophisticated SOC activities.
The course begins with the fundamentals of SOC teams and Blue Team operation architecture before moving on to more advanced topics such as digital forensics, incident response, threat intelligence, and SIEM (Security Incident and Event Management) solutions.
This training course also helps participants plan their preparation for the SOC Analyst certification examinations, which are required to obtain the most sought-after position in the SOC team.
SOC Analyst Tools Covered
Skimming CyberSecurity Concepts
- Understanding Red, Blue & Purple teams
- Roles and responsibilities
- CIA Triad
- Networking Fundamentals
Security Operations 101
- Understanding SecOps
- Security monitoring and detection fundamentals
- Incident Response essentials
- Incident Response Lifecycle
- Pyramid of Pain & Diamond Model
- Understanding CTI and use cases
- APT, IoC concepts
- Understanding SOC terms, SOC KPIs, RACI etc.
- Security frameworks and benchmarks, CIS, NIST etc.
Linux Operating System Fundamentals [Hands-On]
- Linux Directory Services
- Most useful Linux Commands in SOC
- Events Logs in Linux
- Linux System Services
First Line of Defense
- Understanding SIEM
- Importance and factors while considering SIEM
- Basic Architecture of SIEM
- Correlation, aggregation, normalisation and parsing concepts
- SIEM logging standards
Incident Response with Wazuh SIEM [Hands-On]
- Introduction to Wazuh
- Wazuh Architecture & Why choose Wazuh?
- Integrating Wazuh agents with endpoints
- C2 with APT emulation & Active Responses with Wazuh
- Detection of process level attacks
- FIM monitoring with Wazuh
- Vulnerability Management using Wazuh
- System hardening using Wazuh
- Endpoint Protection (EDR ) using Wazuh
MITRE ATT&CK and D3FEND
- Introduction to ATT&CK Framework
- Understanding TTPs
- CTI correlation with ATT&CK
- Operationalizing ATT&CK for Red
- Operationalizing ATT&CK for Blue
- MITRE D3FEND
Windows Endpoint Hunting Essentials [Hands-On]
- Introduction
- Windows Processes
- Smss.exe
- Winlogon.exe
- Wininit.exe
- Services.exe
- Lsass.exe
- Svchost.exe
- Taskhost.exe
- Explorer.exe
- Monitoring and Detecting USB drives in Windows using Wazuh
- Process Injection lab in Wazuh
Hunting for APT (Advanced Persistent Threat) [Hands-On]
- Lab architecture
- Debrief: APT Dark Pink
- Dark Pink APT Timeline
- Dark Pink APT Activity
- Dark Pink APT Attack Chain
- Dark Pink APT MITRE Mapping
- Hunting APT using Jupyter Notebooks
Yara for Incident Response [Hands-On]
- Execute Yara tool
- Writing Yara Rules
- Basic Syntax Create & execute your first Yara Rule
- Finetune your Yara Rule
- Strings in Yara
- Case insensitive String
- Wide-Character String
- XOR String Base64 String
- Searching for full word
- Hunting with Yara
- Virustotal & Yara
Analysing Phishing Emails [Practical]
- Analysing Artefacts
- Red Flags of Phishing Emails
- URL Reputation
- File Reputation
- SPF
- DKIM
- DMARC
- Manual & Automated Analysis
Understanding Case Management [Hands-On]
- Deploying theHive
- Understanding the architecture
- TheHive4 VS TheHive5
- Creation & triage cases in Hive
- Using Hive Data fields
- Pushing Alerts to TheHive
- Using Responders
- Case Templates
Security Operations using Copilot [Hands-On]
- Copolit fundamentals
- Features of copilot
- Integration of Wazuh with Copilot
- AI use case of Copilot for SOC
SOAR 101 [Hands-On]
- SOAR fundamentals
- Deploying Shuffle
- Automation security using Shuffle
- SOAR + AI for next level ops
SOC Interview Preparation
- Common Questions & Situational Based Questions
- Key element to crack SOC/ any security interviews
- QnA
- Technical Support Engineers
- System Administrators
- Security Consultants
- Cyber Security Analysts
- Network Engineers
- Network Architects or Admin
- Security System Engineers
- SOC Analysts (L1 & L2)
- Information Security Researcher
- Entry-level Information Security role
- Anyone Who wants to become SOC Analyst
Basic Knowledge of:
- Networking fundamentals
- OS basics & Troubleshooting is recommended
- Basics of Information Security
- Basics of Cyber World & Security
- Beginner or Fresher for SOC Operations Centre
- Working on Information Security Role
This course is not directly linked to any exam. However, the course curriculum provides in-depth training and expertise for participants to qualify any SOC exam or interview to become seasoned SOC Analysts.
This SOC Analyst training course allows you to:
- Understand the Security Operation Center (SOC) team operations
- Understand Blue Team operations architecture
- In-depth knowledge of digital forensics, threat intelligence, and incident response
- Understand technical strategies, tools, and procedures to safeguard data for your organization
- Understand essential SOC tools like Splunk and Security Onion
- Understand how to recognize threats and implement countermeasures
How We Help You Succeed
Vision
Goal
Skill-Building
Mentoring
Direction
Support
Success
Your Trusted Instructors
6+ Years of Experience
Words Have Power
It was a great experience,got opportunity to explore many new things and able to sort out doubts logically.
It’s a very good and informative session. It is great to have an instructor who keeps inspiring you throughout the course.
The trainer has great knowledge about the topic, and he knows what he is teaching us. Kudos to him. Thank you so much InfosecTrain.
Impressed with the trainer’s details in explanation and his knowledge. He kept the class engaging, and I never felt bored or at a slow pace. He also gave enough time to complete the tasks and check back on the doubts. Thanks for this training.
I have learned the most about cyber security (SOC Analyst) from this organization. Our trainer, in particular, has given me the greatest advice and knowledge. Best Regards to the entire InfosecTrain team.
The SOC instructor is well known all over the social network. I found him initially on YouTube while preparing CC isc2 prior to joining my CISSP and was impressed with the way he was delivering the content. His energy was amazing, clear communication was loud and clear. He kept us awake and focused on these long hours the entire session. Well-mannered, friendly, dedicated, and committed trainer. Would love to join any future training at InfosecTrain.
Success Speaks Volumes
Get a Sample Certificate
Frequently Asked Questions
What is a Security Operation Center (SOC)?
A Security Operations Center (SOC) is an essential component of a data protection and security system that helps lower the level of risk that information systems face from external and internal threats.
What steps can I take to become a SOC Analyst?
You will need a bachelor’s degree in computer science or a related discipline to become a SOC Analyst. Additionally, you must receive sufficient training from a reputable institution to obtain certification and experience to become a SOC Analyst. Each company looking to hire a SOC Analyst will have different experience requirements, so get the experience you need.
What skills do you need to work as a SOC Analyst?
You will require the following skills to become a SOC Analyst:
- Programming skills
- Understanding of cybersecurity and information security fundamentals
- Understanding of network security
- Incident handling and documentation
- Ethical hacking skills
Is SOC a viable career option?
SOC Analyst is a job title that is held by both newcomers and seasoned professionals in the field of information security. It is a great stepping stone into a cybersecurity professional, but it is also challenging.
What do SOC Analysts get paid?
As per Indeed, the typical salary for a SOC Analyst in the United States is $84,601 per year.
What are the tools that a SOC Analyst employs?
- Splunk
- Security Onion
- AlienVault
What is the role of a SOC Analyst?
A SOC Analyst is a member of the cybersecurity team in charge of monitoring and combating threats to a company’s IT infrastructure. They are at the forefront against security threats, and they are responsible for evaluating security systems, discovering and repairing vulnerabilities, and increasing cyber resilience.
What is Security Information and Event Management?
SIEM or Security Information and Event Management is a software system that collects and analyses data from a variety of sources throughout your IT infrastructure.
Difference between NOC and SOC?
The NOC is in charge of ensuring that corporate infrastructure can support business activities, while the SOC is in charge of safeguarding the company from cyber-attacks that could interrupt such operations.