Practical Security Investigation With Splunk, Wazuh, Osquery

Posted By: ELK1nG

Published 8/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.89 GB | Duration: 3h 50m

Master SOC fundamentals, incident response, log analysis, and threat detection with Splunk, Wazuh and Osquery labs.

What you'll learn

Fundamentals of a SOC and the role of a SOC analyst

Fundamentals of SIEM

Hands-on work with Splunk to conduct security investigations

How to use Wazuh for alerts and vulnerability detection

How to hunt endpoints with Osquery for deep forensics

Requirements

Basics of Computers

Basic knowledge of IT network protocols

Description

Welcome to the SOC Analyst Masterclass: Security Investigation with Splunk, Wazuh, and Osquery!

This course is designed to give you the skills and confidence to investigate, detect, and respond to real-world security incidents using leading open-source and enterprise SOC tools. Whether you're starting your SOC career or looking to enhance your security investigation skills, this hands-on, step-by-step program will guide you through the complete process of setting up a virtual SOC lab, understanding different log types, and mastering investigation techniques.

This is a practical, learn-by-doing course — you'll not only understand the theory but also build your own SOC lab, work with real logs, and replicate real-world investigation scenarios. You'll get detailed demonstrations, guided exercises, and ready-to-use commands for Splunk, Wazuh, and Osquery so you can follow along at your own pace.

In this course, you will cover:

SOC & SIEM Fundamentals: Understand SOC roles, functions, tools, and processes. Learn core SIEM concepts and how they fit into security monitoring.

Log Types & Data Sources: Explore Windows (Event Logs, Sysmon), Linux (Syslog, Auth), and network logs (Firewall, DNS, HTTP) to understand their value in threat detection.

Lab Setup & Tools Installation: Build your own SOC lab from scratch, including Splunk, Wazuh Manager, Kali Linux, and supporting infrastructure using VMware or VirtualBox.

Security Investigations with Splunk: Perform hands-on analysis with SPL commands to investigate brute force attacks, DNS beaconing, suspicious file transfers, compromised accounts, and unauthorized cloud access.

Threat Detection with Wazuh: Investigate file modifications, brute force activity, and vulnerabilities, and learn how Wazuh rules trigger alerts.

Endpoint Forensics with Osquery: Run live queries to collect endpoint data, investigate anomalies, and support incident response efforts.

By the end of this course, you will have the ability to:

Confidently investigate security incidents using Splunk, Wazuh, and Osquery

Understand how to analyze logs from multiple sources for accurate threat detection

Build and manage your own virtual SOC lab for continuous practice

Apply your skills to real-world SOC scenarios and improve your incident response capabilities

Who this course is for:

Aspiring SOC analysts, blue team members, and cybersecurity enthusiasts

IT professionals looking to transition into security operations

Anyone who wants practical, hands-on SOC investigation experience with industry tools

Get ready to take your security investigation skills to the next level — I'll see you in the course!

Overview

Section 1: Introduction to SOC and SIEM

Lecture 1 What is a SOC

Lecture 2 Role of a SOC Analyst

Lecture 3 Overview of SOC Tools and Technologies

Lecture 4 Understanding SIEM

Section 2: Understanding Log Types and Data Sources

Lecture 5 What is a Log and Log Analysis

Lecture 6 Windows Logs

Lecture 7 Linux Logs

Lecture 8 Network Logs

Section 3: Installing and Setting Up Lab

Lecture 9 Lab Requirements: Hardware and Software

Lecture 10 Setting up a Linux Server on VMware Workstation

Lecture 11 Setting up Virtual Machines - VirtualBox

Lecture 12 Setting up a Linux Server on VirtualBox

Lecture 13 Installing Splunk

Lecture 14 Installing Wazuh Manager

Lecture 15 Setting up an Attacker Machine (Kali Linux)

Section 4: Security Investigation with Splunk

Lecture 16 What is SIEM?

Lecture 17 Introduction to Splunk

Lecture 18 Demo: Splunk Dashboard

Lecture 19 Splunk for SOC Analyst

Lecture 20 Exploring Fields in Splunk Search

Lecture 21 head command

Lecture 22 stats command

Lecture 23 table command

Lecture 24 timechart command

Lecture 25 dedup command

Lecture 26 Investigating SSH brute force using Splunk

Lecture 27 DNS Beaconing Detection Using Splunk

Lecture 28 Detect Suspicious File Transfer via Splunk

Lecture 29 Investigate Compromised Windows User Account using Splunk

Lecture 30 Unauthorized Cloud Access AWS from a Foreign Country

Section 5: Security Investigation with Wazuh

Lecture 31 Introduction to Wazuh

Lecture 32 Wazuh Demo

Lecture 33 Wazuh Rules

Lecture 34 Investigating Unauthorized File Modification using Wazuh

Lecture 35 Investigating SSH brute force using Wazuh

Lecture 36 Vulnerability detection with Wazuh

Section 6: Security Investigation with Osquery

Lecture 37 Introduction to Osquery

Lecture 38 Installing Osquery

Lecture 39 Lab 1: List All Installed Software on Linux

Lecture 40 Lab 2: Detect New User Accounts Created

Lecture 41 Lab 3: Detect Malware Making Outbound Connections

Section 7: More Resources for Security Investigation

Lecture 42 More Sample Log Files for Security Investigation on Splunk

Target audience: IT or Network Engineers, Freshers, SOC Analysts, Network Security Engineers, System Administrators