KaalSec

Cyber Security SOC Analyst Training – SIEM

4,999.00

SOC Analyst training – interview questions also included. Hands-on experience with Splunk SIEM.


Description

Become a Job-Ready SOC Analyst with this practical, hands-on training focused on Security Information and Event Management (SIEM) systems — the core of modern Security Operations Centers (SOCs).

This course is designed to take you from beginner to advanced SOC Analyst, teaching you how to detect, investigate, and respond to cyber threats using real-world tools like Splunk, IBM QRadar, ELK Stack, and Wazuh.

Whether you’re starting a career in cybersecurity or upskilling for high-paying roles, this course gives you the skills, tools, and certification to land a role as a Tier 1 or Tier 2 SOC Analyst — one of the most in-demand positions in cyber defense today.


🎯 What You’ll Learn:

  • Understand how SOCs operate and what a SOC Analyst does daily

  • Work with industry-grade SIEM tools like Splunk, ELK, and Wazuh

  • Detect real-time threats, analyze logs, and respond to security incidents

  • Master threat hunting, incident response, and alert triage techniques

  • Build your resume and get ready for job interviews with real-world labs


👨‍💻 Who This Course is For:

  • Aspiring SOC Analysts and Cybersecurity Students

  • Freshers looking for job-oriented cybersecurity training

  • IT Professionals switching to cybersecurity

  • Tier 1 SOC Analysts preparing for Tier 2 roles


🗂️ Course Syllabus


Module 1: Introduction to SOC & SIEM

  • What is a SOC?

  • SOC structure: Tier 1, Tier 2, Tier 3 roles

  • Introduction to SIEM tools and their importance

  • Understanding Log Sources: Firewalls, Endpoints, Applications


Module 2: Working with Logs

  • What are logs? Types and formats

  • Parsing, normalization & enrichment

  • Hands-on log analysis lab (Syslog, Windows Event Logs, Linux logs)


Module 3: Installing and Using Wazuh SIEM (Free & Open Source)

  • Deploying Wazuh on your system (Linux/Cloud)

  • Adding agents, collecting logs

  • Alerting, rule configuration, and correlation


Module 4: Splunk for SOC Analysts

  • Installing and configuring Splunk

  • Creating dashboards and alerts

  • Writing SPL queries to detect anomalies

  • Case study: Detecting brute-force & ransomware activity


Module 5: Incident Response and Ticketing

  • SOC Analyst’s Daily Workflow

  • Escalation matrix: Tier 1 → Tier 2 → IR

  • Writing incident reports and playbooks

  • Using tools like TheHive and Cortex for triaging


Module 6: Threat Intelligence and IOC Analysis

  • What is Threat Intelligence?

  • IOC types: Hashes, IPs, URLs, Domains

  • Using VirusTotal, AbuseIPDB, Any.run for IOC lookup

  • Automating enrichment with MISP and open CTI feeds


Module 7: Threat Hunting and Anomaly Detection

  • Manual vs automated threat hunting

  • Using ELK and Sigma rules for hunting

  • Practical threat hunting lab: Detecting persistence mechanisms


Module 8: Resume Building + Interview Preparation

  • How to write a SOC-focused resume

  • Practice interview questions (Tier 1 & Tier 2)

  • Building a home lab for experience

  • Getting certified: Which SOC certs matter (e.g., CompTIA CySA+, Blue Team Level 1)


🎓 Final Project & Certification

  • Live SOC Simulation (Alert, Investigate, Respond)

  • Capstone project: Build your own mini SOC using ELK or Wazuh

  • Receive KaalSec SOC Analyst Certification on completion


🧰 Bonus Material:

  • SOC Analyst Interview Questions Pack (PDF)

  • SIEM Query Cheatsheets (SPL, KQL, ELK DSL)

  • 200+ IOC Sources & Threat Feeds

  • Real-world attack dataset for practice
