Understanding security solutions is key for SOC analysts. This module covers SIEM, EDR and SOAR, the core security solutions used in a SOC.

This module starts with building knowledge on Endpoint Detection and Response (EDR) solution that detect advanced threats on the endpoints and offers response capabilities. You will then learn the foundation of Security Information and Event Management (SIEM) solution and practically work on Splunk and Elastic Stack tools. Lastly, you will learn how any SOC can automate their repetitive functions and streamline incident handling using Security Orchestration, Automation, and Response (SOAR) solution.

Introduction to EDR

Learn the fundamentals of EDR and explore its features and working.

Introduction to SIEM

Learn the fundamentals of SIEM and explore its features and functionality.

Splunk: The Basics

Understand how SOC analysts use Splunk for log investigations.

Elastic Stack: The Basics

Understand how SOC analysts use the Elastic Stack (ELK) for log investigations.

Introduction to SOAR

Learn the concepts and methodology surrounding security orchestration, automation, and response.

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

Next steps

Cyber Defence Frameworks

Learn how defensive frameworks, such as Pyramid of Pain, Cyber Kill Chain, and MITRE, help you understand adversarial behaviour and harden detection, triage, and response.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.