SOC Level 1

Course Duration

4 days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

Completion of the Practical Help Desk course, CompTIA A+/Network+ equivalent, or familiarity with: basic Windows and Linux OS components, command-line navigation, network concepts (subnets, NAT, routing), and foundational security concepts (CIA triad, encryption, hashing). System requirements: 8GB RAM, 256GB HDD, up-to-date OS and internet browser, stable internet connection.

Course Description

Take your SOC analyst skills to the next level with four full days of intensive live training, labs, and challenges designed to build the foundational skills essential for success in defensive security operations. This course provides deep, practical coverage of monitoring, detection, analysis, and incident response across key areas including phishing, network security, endpoint protection, SIEM management, threat intelligence, and DFIR (Digital Forensics and Incident Response). By the end of the training, you will have a comprehensive understanding of Security Operations Center functions and investigative techniques developed through real-world scenarios that reflect the demands placed on today's SOC professionals. This course includes an Exam Voucher for TCM Security's Practical SOC Analyst Associate (PSAA) certification. Each exam voucher includes 1 exam attempt and is valid for 12 months from the course completion date.

Learning Objectives

• Security Operations Fundamentals
• Phishing Analysis
• Network Security Monitoring
• Network Traffic Analysis
• Endpoint Security Monitoring
• Endpoint Detection and Response
• Log Analysis and Management
• Security Information and Event Management (SIEM)
• Threat Intelligence
• Digital Forensics
• Incident Response

Course Outline

Day 1 – SOC Fundamentals and Phishing Analysis

• Class Introduction, Lab Access, Setup, and Configuration
• Understanding the SOC
• Understanding Phishing Attacks and Techniques
• Email Analysis
• URL Analysis
• Attachment Analysis
• MalDoc Analysis
• Phishing Defenses
• Understanding Packets and Flows
• Network Traffic Analysis with TCPDump
• Network Traffic Analysis with Wireshark

Day 2 – Endpoint Security and SIEM

• Understanding Endpoint Security
• Windows: Hunting Malicious Network Connections and Processes
• Live IR with SysInternals and Autoruns
• Windows: Understanding Core Processes and Hunting Persistence
• Linux: Hunting Malicious Network Connections and Processes
• Linux: Understanding Core Processes and Hunting Persistence
• Understanding the SIEM
• Common Attack Signatures
• Command Line Log Analysis

Day 3 – Splunk and Threat Intelligence

• Splunk Introduction and Search Processing Language
• Search Commands, Reporting, Alerting, and Dashboards
• Investigating Intrusions with Splunk
• Deploying Splunk Forwarders
• Understanding Threat Intelligence and Frameworks
• MITRE ATT&CK
• Detecting Malware with YARA: Reading and Writing YARA Rules

Day 4 – Digital Forensics and Incident Response

• Understanding Digital Forensics Investigations
• Disk Image Acquisition with FTK Imager
• Memory Acquisition with FTK Imager
• Windows Forensic Artifacts
• Forensic Image Analysis with Autopsy
• Memory Analysis with Volatility
• The Incident Response Process