Course Description

This course provides an in-depth understanding of a Security Operation Center (SOC) and its vital role in ensuring the security and integrity of an organization's information systems. It covers the fundamental concepts of SOC, including the implementation and management of Security Information and Event Management (SIEM) systems, Endpoint Detection and Response (EDR), and Threat Intelligence. The course also explores the key components, benefits, and challenges of these technologies and their integration into a cohesive SOC framework. Through a combination of theoretical knowledge and practical labs, participants will learn how to design, build, and manage a SOC that effectively detects, analyzes, and responds to cybersecurity threats.

Get Started Now

Kindly choose the enrollment pricing option that suits you best. If you're enrolling as a group or need a custom plan, please contact us. We're here to help!

  • Security Operation Center (SOC)

    Course material

    $50.00

Course Curriculum

  • 01 Required Files
    • Required Files

  • 02 Introduction
    • Introduction
    • What Is SIEM

  • 03 Log Sources
    • Log Sources
    • Common Log Sources
    • Endpoint Detection and Response (EDR)

  • 04 Threat Intelligence
    • Threat Intelligence
    • Types of Threat Intelligence
    • Key Components of Threat Intelligence
    • Role of Threat Intelligence in the SOC
    • Implementing Threat Intelligence in the SOC

  • 05 Case Management
    • Case Management
    • Benefits of Case Management Services in a SOC

  • 06 Building a SOC
    • Building a SOC
    • ELK-Stack SIEM - Elasticsearch
    • ELK-Stack SIEM - Logstash
    • ELK-Stack SIEM - Kibana
    • ELK-Stack SIEM - Extending the Setup
    • Log Collection
    • Log Collection - Linux
    • Log Collection - Windows

  • 07 Extending Logging
    • Extending Logging
    • Extending Logging - Windows Sysmon
    • Extending Logging - Windows Extended Audit
    • Extending Logging - Windows Elastic Agent
    • Extending Logging - Linux Elastic Agent
    • Alerts

  • 08 Case Study
    • Lab #1
    • Lab #1 - Solutions
    • Lab #2
    • Lab #2 - Solutions
    • Lab #3
    • Lab #3 - Solutions
    • Lab #4
    • Lab #4 - Solutions

Learning Outcomes

After completing this course, you will be able to:

  • Understand the role of a SOC

  • Explain the core components and benefits of a SIEM

  • Configure and use SIEM tools for log collection

  • Use Endpoint Detection and Response (EDR) tools

  • Integrate threat intelligence into SOC operations

  • Design and implement a SOC infrastructure using the ELK-Stack SIEM (Elasticsearch, Logstash, Kibana)

  • Extend logging capabilities for comprehensive monitoring

  • Configure alerts and automated responses to security incidents

  • Apply this knowledge through practical labs

Technical Requirements

For the hands-on labs in this course, you will need:

  • An Internet connection

  • A workstation with at least 16 GB of RAM and 100 GB of disk space

  • An operating system (Windows or Linux)

  • VirtualBox or VMware (hypervisor)

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates