SOC Analyst 1 (Junior Security Analyst) Training Program
Role Introduction

  • As a Tier 1 SOC Analyst (Junior Security Analyst), your primary responsibility is acting as a Triage Specialist.
    You will spend most of your time monitoring, investigating, and escalating alerts within a 24×7 SOC environment.

Key Responsibilities:

  • Monitor and investigate alerts in real-time.
  • Configure and manage security tools.
  • Develop and implement IDS signatures.
  • Escalate incidents to Tier 2 Analysts or SOC Team Leads when necessary.

Course Modules
Section 1: Cyber Defense Frameworks

  • Introduction to Junior SOC Analyst Role
  • Pyramid of Pain
  • Cyber Kill Chain
  • Unified Kill Chain
  • Diamond Model of Intrusion Analysis
  • MITRE ATT&CK Framework
  • Summit & Eviction Models

Section 2: Cyber Threat Intelligence (CTI)

  • Introduction to Cyber Threat Intelligence
  • Threat Intelligence Tools Overview
  • Yara Rules for Threat Detection
  • OpenCTI Platform
  • MISP (Malware Information Sharing Platform)
  • Friday Overtime Use Case
  • Trooper

Section 3: Network Security & Traffic Analysis

  • Fundamentals of Traffic Analysis
  • Snort IDS/IPS (Basics & Challenges)
  • Snort Live Attack Detection
  • NetworkMiner for Packet Capture Analysis
  • Zeek (with Hands-on Exercises)
  • Brim for Network Investigation
  • Wireshark (Basics, Packet Operations, Traffic Analysis)
  • TShark (CLI Features, Challenges I & II)

Section 4: Endpoint Security Monitoring

  • Introduction to Endpoint Security
  • Core Windows Processes
  • Sysinternals Suite
  • Windows Event Logs
  • Sysmon for Endpoint Visibility
  • Osquery (The Basics)
  • Wazuh for Endpoint Monitoring
  • Case Studies: Monday Monitor, Retracted

Section 5: Security Information and Event Management (SIEM)

  • Introduction to SIEM Concepts
  • Investigating with ELK 101
  • ItsyBitsy Scenario
  • Splunk Basics
  • Incident Handling with Splunk
  • Advanced Investigations with Splunk
  • Case Study: Benign

Section 6: Digital Forensics & Incident Response (DFIR)

  • Introduction to DFIR
  • Windows Forensics 1 & 2
  • Linux Forensics
  • Autopsy for Disk Forensics
  • Redline for Memory Forensics
  • KAPE for Triage Collection
  • Volatility & Velociraptor for Memory Analysis
  • TheHive Project for Incident Management
  • Intro to Malware Analysis
  • Hands-on Scenarios: Unattended, Disgruntled, Critical, Secret Recipe

Section 7: Phishing Analysis

  • Phishing Analysis Fundamentals
  • Phishing Emails in Action
  • Phishing Analysis Tools & Techniques
  • Phishing Prevention Mechanisms
  • Case Studies: The Greenholt Phish, Snapped Phishing Line

Section 8: SOC Analyst Level 1 – Capstone Challenges

  • Tempest
  • Boogeyman 1
  • Boogeyman 2
  • Boogeyman 3