SOCOPS

SOC Operations for Analysts

In the Security Operations training, students embark on an engaging learning journey focused on the practical aspects of detecting and responding to cybersecurity threats. Throughout the module, students work on practical activities centered on SOC operations, threat handling, threat analysis and, of course, the necessary response activities.

20 Hours

Cloud Environment

Instructor Led

Virtual Labs & Simulation

The course aims to develop participants' skills in SOC operations. The key goals are:
1. Becoming familiar with the technologies commonly available within SOCs to monitor, analyze, and correlate security events and alerts, so that potential security incidents are handled effectively and efficiently.
2. Enhancing practical skills in handling incidents, including the analysis of security events and threat indicators.
WHO IS IT FOR
Individuals and teams with a background in IT
Those who want a taste of cyber operations in an organization
Early-stage cyber professionals
GOALS
Students will be able to explain the operational aspects of SOCs, including the relevant technologies and methods. Additionally, students will be able to describe the SOC's operational workflow and the relationship between the SIEM and the SOC.
Students will be able to install a working instance of Splunk within a virtual environment to experiment with SIEM activities, including configuring log collection from various endpoints and creating alert rules, and, if time permits, mapping those rules to the MITRE ATT&CK matrix.
Students will learn about security event sources, particularly in the Microsoft Windows environment, covering Windows Event Viewer logs, Incident Response (IR) and Cyber Forensics (CF) terminology, and essential tools and practices.
Students will be able to find, extract and interpret the content of Windows Event Viewer logs, while also experimenting with the forensic aspects of artifact extraction.
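To make the alert-rule and ATT&CK-mapping goals above concrete, here is a small rule engine in Python, added as an illustration for this page; it is not course material and not Splunk's own SPL. It runs two detection rules over a handful of constructed Windows Security log records (EventID 4625 failed logon, 4624 successful logon, 4688 process creation), tags each alert with the ATT&CK technique it maps to, and escalates a failed-logon burst when a success from the same source follows it. The field names (src_ip, user, process, cmdline) are simplified assumptions; the real Security log uses IpAddress, TargetUserName, NewProcessName and CommandLine, and the encoded PowerShell payload is harmless and built inline.

```python
"""Toy SIEM-style detection rules over Windows Security events, mapped to ATT&CK.

Added example, not course material. Events are constructed to mimic Windows
Security log entries; field names are simplified assumptions (the real log uses
IpAddress, TargetUserName, NewProcessName, CommandLine).
"""
import base64
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed, harmless -EncodedCommand payload (PowerShell expects UTF-16LE Base64).
ENC_PAYLOAD = base64.b64encode("Write-Host 'lab test'".encode("utf-16le")).decode()

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    # Six failed logons from one source within ~1 minute, then a success from it.
    {"time": "2024-03-01T09:00:01", "event_id": 4625, "host": "DC01", "user": "alice", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T09:00:08", "event_id": 4625, "host": "DC01", "user": "bob", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T09:00:17", "event_id": 4625, "host": "DC01", "user": "carol", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T09:00:29", "event_id": 4625, "host": "DC01", "user": "dave", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T09:00:41", "event_id": 4625, "host": "DC01", "user": "erin", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T09:01:02", "event_id": 4625, "host": "DC01", "user": "admin", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T09:01:15", "event_id": 4624, "host": "DC01", "user": "admin", "src_ip": "10.0.0.5"},
    # One mistyped password from another source: below threshold, must not alert.
    {"time": "2024-03-01T09:30:00", "event_id": 4625, "host": "DC01", "user": "frank", "src_ip": "10.0.0.9"},
    # Process creation: a benign one, then an encoded PowerShell command line.
    {"time": "2024-03-01T10:00:00", "event_id": 4688, "host": "WS01", "user": "bob",
     "process": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe report.txt"},
    {"time": "2024-03-01T10:05:00", "event_id": 4688, "host": "WS01", "user": "bob",
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENC_PAYLOAD}"},
]


@dataclass
class Alert:
    rule: str
    technique: str   # MITRE ATT&CK technique ID the rule is mapped to
    severity: str
    subject: str     # source IP or host the alert is about
    detail: str


def _t(event):
    return datetime.fromisoformat(event["time"])


def rule_failed_logon_burst(events, threshold=5, window=timedelta(minutes=5)):
    """T1110 Brute Force: >= threshold 4625 events from one source IP inside a sliding window.
    A 4624 from the same source right after the burst raises severity: guessing may have worked."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            by_src[e["src_ip"]].append(_t(e))
    alerts = []
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                burst_end = times[end]
                success = any(e["event_id"] == 4624 and e["src_ip"] == src
                              and burst_end <= _t(e) <= burst_end + window for e in events)
                alerts.append(Alert("failed_logon_burst", "T1110",
                                    "high" if success else "medium", src,
                                    f"{end - start + 1} failed logons within {window}"
                                    + ("; followed by a successful logon" if success else "")))
                break   # one alert per source, not one per additional failure
    return alerts


def _encoded_argument(cmdline):
    """Return the Base64 argument of an -EncodedCommand switch, or None.
    powershell.exe accepts any unambiguous prefix of the switch (-e, -ec, -enc, ...)."""
    tokens = cmdline.split()   # keep original case: Base64 is case-sensitive
    for i, tok in enumerate(tokens[:-1]):
        low = tok.lower()
        if low.startswith("-") and len(low) >= 2 and "encodedcommand".startswith(low[1:]):
            return tokens[i + 1]
    return None


def rule_encoded_powershell(events):
    """T1059.001 PowerShell: 4688 process creation whose command line passes an encoded command.
    Decoding the UTF-16LE payload inline puts the real command into the alert for the analyst."""
    alerts = []
    for e in events:
        if e["event_id"] != 4688 or "powershell" not in e.get("process", "").lower():
            continue
        payload = _encoded_argument(e.get("cmdline", ""))
        if payload is None:
            continue
        try:
            decoded = base64.b64decode(payload).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            decoded = "<undecodable payload>"
        alerts.append(Alert("encoded_powershell", "T1059.001", "high", e["host"],
                            f"user {e['user']} ran encoded command: {decoded}"))
    return alerts


RULES = [rule_failed_logon_burst, rule_encoded_powershell]


def run_rules(events, rules=RULES):
    """Run every rule over the event stream and return the alerts in rule order."""
    alerts = []
    for rule in rules:
        alerts.extend(rule(events))
    return alerts


if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule} ({a.technique}) {a.subject}: {a.detail}")
```

Running the script prints one T1110 alert for 10.0.0.5 at high severity (the burst was followed by a successful logon) and one T1059.001 alert for WS01 with the decoded command; the single failure from 10.0.0.9 and the notepad launch produce nothing. The same two rules translate directly into SIEM searches once the events are collected: a count of EventCode 4625 grouped by source address over a time bucket, and a string match on the 4688 command line.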
Requirements
Solid knowledge of IT infrastructure (both networks and operating systems, e.g. file systems, the Windows Registry, common network protocols)
English language proficiency
  • The Security Operations Center
  • The Technological Building Blocks of SOCs
  • Splunk
  • Enrichment – The MITRE ATT&CK Matrix
  • Cybersecurity Incidents – Handling and Response
  • Sources of Security Events
  • Administration of SIEM Rules
  • Windows Event Viewer Logs
  • Windows Digital Forensics
  • Introduction to Windows Artifacts and Windows Registry

12 Hours of hands-on activities

Total amount of practical experience during this course.
