Security Operations Center (SOC) Analyst 1

In the Security Operations Center (SOC) Analyst 1 role, also called the Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time triaging or monitoring event logs and alerts.
The responsibilities of a Junior Security Analyst or Tier 1 SOC Analyst include the following:

  • Monitor and investigate alerts (most of the time, it’s a 24×7 SOC operations environment)
  • Configure and manage security tools
  • Develop and implement IDS signatures
  • Escalate the security incidents to the Tier 2 and Team Lead if needed
Section 1 – Cyber Defence Frameworks

Junior Security Analyst Intro
Pyramid Of Pain
Cyber Kill Chain
Unified Kill Chain
Diamond Model
MITRE
Summit
Eviction

Section 2 – Cyber Threat Intelligence

Intro to Cyber Threat Intel
Threat Intelligence Tools
Yara
OpenCTI
MISP
Friday Overtime
Trooper

Section 3 – Network Security and Traffic Analysis
Traffic Analysis Essentials
Snort
Snort Challenge – The Basics
Snort Challenge – Live Attacks
NetworkMiner
Zeek
Zeek Exercises
Brim
Wireshark: The Basics
Wireshark: Packet Operations
Wireshark: Traffic Analysis
TShark: The Basics
TShark: CLI Wireshark Features
TShark Challenge I: Teamwork
TShark Challenge II: Directory

Section 4 – Endpoint Security Monitoring
Intro to Endpoint Security
Core Windows Processes
Sysinternals
Windows Event Logs
Sysmon
Osquery: The Basics
Wazuh
Monday Monitor
Retracted

Section 5 – Security Information and Event Management
Introduction to SIEM
Investigating with ELK 101
ItsyBitsy
Splunk: Basics
Incident handling with Splunk
Investigating with Splunk
Benign

Section 6 – Digital Forensics and Incident Response
DFIR: An Introduction
Windows Forensics 1
Windows Forensics 2
Linux Forensics
Autopsy
Redline
KAPE
Volatility
Velociraptor
TheHive Project
Intro to Malware Analysis
Unattended
Disgruntled
Critical
Secret Recipe

Section 7 – Phishing
Phishing Analysis Fundamentals
Phishing Emails in Action
Phishing Analysis Tools
Phishing Prevention
The Greenholt Phish
Snapped Phish-ing Line

Section 8 – SOC Level 1 Capstone Challenges
Tempest
Boogeyman 1
Boogeyman 2
Boogeyman 3

Security Operations Center (SOC) Analyst 2

  • The Security Operations Center (SOC) Analyst 2 or Senior Cyber Security Analyst role aims to help you succeed in your SOC career.
  • It will help you transition into a Level 2 position or strengthen the core technical skills you need to perform well in your current position, using hands-on, practical, and realistic scenarios.
  • Through realistic scenarios, you will practice log analysis in-depth and acquire hands-on experience using various SIEM platforms.
  • The path will also cover detection engineering topics, allowing you to troubleshoot and fix detection, alerting, and logging issues.
  • Finally, you will learn essential technical skills to perform advanced Blue Teaming tasks, such as threat hunting and emulation, incident response, and malware analysis.

Section 1 – Log Analysis
Intro to Logs
Log Operations
Intro to Log Analysis

Section 2 – Advanced Splunk
Splunk: Exploring SPL
Splunk: Setting up a SOC Lab
Splunk: Dashboards and Reports
Splunk: Data Manipulation
Fixit

Section 3 – Advanced ELK
Logstash: Data Processing Unit
Custom Alert Rules in Wazuh
Advanced ELK Queries
Slingshot

Section 4 – Detection Engineering
Intro to Detection Engineering
Tactical Detection
Threat Intelligence for SOC
Sigma
SigHunt
Aurora EDR
SOAR

Section 5 – Threat Hunting
Threat Hunting: Introduction
Threat Hunting: Foothold
Threat Hunting: Pivoting
Threat Hunting: Endgame
Hunt Me I: Payment Collectors
Hunt Me II: Typo Squatters

Section 6 – Threat Emulation
Intro to Threat Emulation
Threat Modelling
Atomic Red Team
CALDERA
Atomic Bird Goes Purple #1
Atomic Bird Goes Purple #2

Section 7 – Incident Response
Preparation
Identification & Scoping
Threat Intel & Containment
Eradication & Remediation
Lessons Learned
Tardigrade

Section 8 – Malware Analysis
x86 Architecture Overview
x86 Assembly Crash Course
Windows Internals
Dissecting PE Headers
Basic Static Analysis
MalBuster
Advanced Static Analysis
Basic Dynamic Analysis
Dynamic Analysis: Debugging
Anti-Reverse Engineering
MalDoc: Static Analysis

Certified Ethical Hacker

The Certified Ethical Hacker training program includes 20 modules covering various technologies, tactics, and procedures, providing prospective ethical hackers with the core knowledge needed to thrive in cybersecurity. It continues to evolve to keep up with the latest OS, exploits, tools, and techniques. The concepts covered in the training program are split 50/50 between knowledge-based training and hands-on application through our cyber range. Every tactic discussed in training is backed by step-by-step labs conducted in a virtualized environment with live targets, live tools, and vulnerable systems. Through our lab technology, every participant will have comprehensive hands-on practice to learn and apply their knowledge.

Module 1 – Introduction to Ethical Hacking

Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.

Module 2 – Footprinting and Reconnaissance

Learn how to use the latest techniques and tools to perform footprinting and reconnaissance, a critical pre-attack phase of the ethical hacking process.

Module 3 – Scanning Networks

Learn different network scanning techniques and countermeasures.

Module 4 – Enumeration

Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File System (NFS) exploits, and associated countermeasures.

Module 5 – Vulnerability Analysis

Learn how to identify security loopholes in a target organization's network, communication infrastructure, and end systems. The module also covers the different types of vulnerability assessment and the vulnerability assessment tools used for each.

Module 6 – System Hacking

Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering tracks—used to discover system and network vulnerabilities.

Module 7 – Malware Threats

Learn about the different types of malware (Trojans, viruses, worms, etc.), APTs and fileless malware, the malware analysis procedure, and malware countermeasures.

Module 8 – Sniffing

Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.

Module 9 – Social Engineering

Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.

Module 10 – Denial-of-Service

Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.

Module 11 – Session Hijacking

Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses, and the associated countermeasures.

Module 12 – Evading IDS, Firewalls, and Honeypots

Get introduced to firewall, intrusion detection system (IDS), and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.

Module 13 – Hacking Web Servers

Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures, and countermeasures.

Module 14 – Hacking Web Applications

Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications, and countermeasures.

Module 15 – SQL Injection

Learn about SQL injection attacks, evasion techniques, and SQL injection countermeasures.

Module 16 – Hacking Wireless Networks

Understand different types of wireless technologies, including encryption, threats, hacking methodologies, hacking tools, Wi-Fi security tools, and countermeasures.

Module 17 – Hacking Mobile Platforms

Learn about mobile platform attack vectors, Android and iOS hacking, mobile device management, mobile security guidelines, and security tools.

Module 18 – IoT and OT Hacking

Learn different types of IoT and OT attacks, hacking methodology, hacking tools, and countermeasures.

Module 19 – Cloud Computing

Learn different cloud computing concepts, such as container technologies and serverless computing, various cloud computing threats, attacks, hacking methodology, and cloud security techniques and tools.

Module 20 – Cryptography

Learn about encryption algorithms, cryptography tools, Public Key Infrastructure (PKI), email encryption, disk encryption, cryptography attacks, and cryptanalysis tools.

Name of Trainer – Dr. Kumar

  • Qualification of Trainer – Ph.D. in Cyber Security
  • Total Work Experience – 13 Years
  • Total No. of Training Conducted till date – 30+
  • Duration: 32 Hrs. Training + 1 Hr. MCQ Test + 1 Hr. Practical Test = 34 Hrs.
  • Hardware Requirement:
      • 4 Virtual Machines with Windows 10 or a later O.S., each with at least an i3 processor, 30 GB hard disk, and 8 GB RAM
      • 1 Virtual Machine with Ubuntu 18.04 O.S., with at least an i3 processor, 20 GB hard disk, and 4 GB RAM
  • Software Requirement: Splunk Enterprise Software 9.x, Foxit Reader, Mozilla Firefox

Course Content

  • Duration of Course – 32 Hrs. Training + 1 Hr. MCQ Test + 1 Hr. Practical Test = 34 Hrs.

(4 Hrs.)

Module 1 – Introducing Splunk

  • Understand the uses of Splunk
  • Define Splunk Apps
  • Learn basic navigation in Splunk

Module 2 – Various Certifications of Splunk and their cost

  • Eligibility criteria for Splunk Certification
  • Cost of Splunk Certification

Module 3 – Setting up Splunk

  • Configuring Splunk
  • Installation of Splunk

Module 4 – Licensing in Splunk

  • Splunk License Types
  • License Master
  • License Slave
  • License Master/Slave relationship (License Pool)

(4 Hrs.)

Module 5 – Searching

  • Run basic searches
  • Use auto-complete to help build a search
  • Set the time range of a search
  • Identify the contents of search results
  • Refine searches
  • Use the timeline
  • Work with events
  • Control a search job
  • Save search results

Module 6 – Using Fields in Searching

  • Understand fields
  • Use fields in searches
  • Use the fields sidebar
  • Use search modes (fast, verbose, and smart)

Module 7 – Create Reports

  • Save a search as a report
  • Edit reports
  • Create reports that display statistics (tables)
  • Create reports that display visualizations (charts)

Module 8 – Create Dashboards

  • Create a dashboard
  • Add a report to a dashboard
  • Add panel to a dashboard
  • Edit a dashboard
  • Create Interactive dashboard
  • Create Cascade dashboard

(4 Hrs.)

Module 9 – Splunk’s Search Language Fundamentals

  • Understand the search pipeline
  • Understand search syntax concepts
  • Use the following commands to perform searches: table, rename, fields, dedup, sort

Module 10 – Using basic Transforming Commands

  • The top command
  • The rare command
  • The stats command

Module 11 – Creating and Using Lookups

  • Describe lookups
  • Examine a lookup file example
  • Create a lookup file and create a lookup definition
  • Use the lookup in searches

Module 12 – Creating Alerts and Scheduled Reports

  • Describe scheduled reports
  • Configure scheduled reports
  • Describe alerts
  • Create alerts
  • View fired alerts

(4 Hrs.)

Module 13 – Creating Data Models

  • Describe the relationship between data models and pivot
  • Identify data model attributes
  • Create a data model
  • Use a data model in pivot

Module 14 – Beyond Search Fundamentals

  • Search fundamentals review
  • Case sensitivity
  • Using the job inspector to view search performance

Module 15 – Using Transforming Commands for Visualizations

  • Explore data structure requirements
  • Explore visualization types
  • Create and format charts and time charts

Module 16 – Filtering and Formatting Results

  • The eval command
  • Using the search and where commands to filter results
  • The fillnull command

(4 Hrs.)

Module 17 – Introduction to Knowledge Objects

  • Identify naming conventions
  • Review permissions
  • Manage knowledge objects

Module 18 – Creating and Managing Fields

  • Perform regex field extractions using the Field Extractor (FX)
  • Perform delimiter field extractions using the FX

Module 19 – Creating Field Aliases and Calculated Fields

  • Describe, create, and use field aliases
  • Describe, create, and use calculated fields

Module 20 – Creating Tags and Event Types

  • Create and use tags
  • Describe event types and their uses
  • Create an event type

(8 Hrs.)

Module 21 – Creating and Using Macros

  • Describe macros
  • Create and use a basic macro
  • Define arguments and variables for a macro
  • Add and use arguments with a macro

Module 22 – Creating and Using Workflow Actions

  • Describe the function of GET and Search workflow actions
  • Create a GET workflow action
  • Create a Search workflow action

Module 23 – Adding Data to Splunk with the Universal Forwarder

  • Use of the Universal Forwarder
  • Install and configure the Universal Forwarder on an Ubuntu Linux system
  • Add data to Splunk through the Universal Forwarder

Module 24 – Adding Data to Splunk with the HTTP Event Collector

  • Use of the HTTP Event Collector
  • Install and configure the HTTP Event Collector on an Ubuntu Linux system
  • Add data to Splunk through the HTTP Event Collector

(4 Hrs.)

Module 25 – Clustering

  • Need for Clustering
  • Indexer Clustering
  • Search Head Clustering

Module 26 – Splunk Distributed Deployment

  • Create Non-Clustered Distributed Deployment
  • Create Clustered Distributed Deployment
  • Difference between Non-Clustered and Clustered Distributed Deployment
  • Indexer Clustering
  • Search Head Clustering

Module 27 – Diag

  • Use of Diag
  • Create Diag using Splunk Web UI
  • Create Diag using Command Line

(4 Hrs.)

Module 28 – Common Information Model

  • Use of CIM
  • Create CIM

Module 29 – Use Cases in Splunk