SIEM Triage for SOC
Explore how SIEM solutions help detect early signs of attacks, investigate SOC alerts, and correlate logs from multiple sources to build an incident timeline. These skills will be vital for you to identify and respond to real-world threats as a SOC analyst.
In this module, you will learn to apply a systematic approach to SIEM investigations: where to focus your attention, and which queries to run to get answers quickly. You will investigate various scenarios in Splunk and Elastic across web, Linux, and Windows environments, sharpening the triage skills every SOC analyst needs to succeed.
Log Analysis with SIEM
Learn how SIEM solutions can be used to detect and analyse malicious behaviour.
Alert Triage With Splunk
Use Splunk to triage alerts and investigate malicious activity efficiently.
Alert Triage With Elastic
Investigate alerts with Elastic by analyzing logs and spotting threats.
ItsyBitsy
Put your ELK knowledge together and investigate an incident.
Benign
Challenge room to investigate a compromised host.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).