Learning path
SOC Level 1
This path introduces a wide array of essential defensive security topics and real-world analysis scenarios. By completing it, you will gain the knowledge and practical skills needed to become a successful SOC Level 1 Analyst, or to better structure your existing expertise if you are already working in the field.
easy
Learn the skills needed to jumpstart your career as a SOC Level 1 Analyst or Security Analyst.
- Learn SOC tools and operations
- Explore network and web attacks
- Monitor endpoints for threats
- Utilise SIEM to handle incidents
Certificate of Completion
Complete this learning path to
develop your skills and earn a
certificate of completion.
SAL1 Professional Certification
Get hired with an industry-recognised, practical defensive certification.
Introduction
The Security Operations Center (SOC) is a central hub for securing many large organizations, and junior analysts are among the most numerous and demanding roles in a SOC. In the analyst role, you will work with logs, triage and prioritize alerts, collaborate with your teammates and other departments, and be the first line of defense in reacting to cyber incidents. This comprehensive path covers the necessary technical and operational skills to make you a qualified, universal SOC analyst.
Section 1
Blue Team Introduction
Junior Security Analyst Intro
SOC Role in Blue Team
Humans as Attack Vectors
Systems as Attack VectorsSection 2
SOC Team Internals
SOC L1 Alert Triage
SOC L1 Alert Reporting
SOC Workbooks and Lookups
SOC Metrics and Objectives
Introduction to Phishing
Section 3
Core SOC Solutions
Introduction to EDR
Introduction to SIEM
Splunk: The Basics
Elastic Stack: The Basics
Introduction to SOARSection 4
Cyber Defence Frameworks
Pyramid Of Pain 
Cyber Kill Chain 
Unified Kill Chain
MITRE
Summit
EvictionSection 5
Phishing Analysis
Phishing Analysis Fundamentals
Phishing Emails in Action 
Phishing Analysis Tools
Phishing Prevention
The Greenholt Phish
Snapped Phish-ing Line
Phishing UnfoldingSection 6
Network Traffic Analysis
Network Traffic Basics
Wireshark: The Basics
Wireshark: Packet Operations
Wireshark: Traffic Analysis
NetworkMinerSection 7
Network Security Monitoring
Network Security Essentials
Network Discovery Detection
Data Exfiltration Detection
Man-in-the-Middle Detection
IDS Fundamentals
SnortSection 8
Web Security Monitoring
Web Security Essentials
Detecting Web Attacks
Detecting Web Shells
Detecting Web DDoS
Upload and ConquerSection 9
Windows Security Monitoring
Windows Logging for SOC
Windows Threat Detection 1
Windows Threat Detection 2
Windows Threat Detection 3Section 10
Linux Security Monitoring
Linux Logging for SOC
Linux Threat Detection 1
Linux Threat Detection 2
Linux Threat Detection 3
BlackCatSection 11
Malware Concepts for SOC
Malware Classification
Intro to Malware Analysis
Living Off the Land Attacks
Shadow TraceSection 12
Threat Analysis Tools
Intro to Cyber Threat Intel
File and Hash Threat Intel
IP and Domain Threat Intel
Invite OnlySection 13
SIEM Triage for SOC
Log Analysis with SIEM
Alert Triage With Splunk
Alert Triage With Elastic
ItsyBitsy
BenignSection 14
SOC Level 1 Capstone Challenges
Tempest
Boogeyman 1
Boogeyman 2
Boogeyman 3
Hidden Hooks
Open Door