Soc Analyst Level 1 & 2 Masterclass

Posted By: ELK1nG

Published 8/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 21.76 GB | Duration: 23h 33m

Master SIEM, log analysis, threat intelligence & incident response with hands-on labs for SOC L1 & L2 careers.

What you'll learn

Students will learn how to detect, investigate, and respond to real-world cyber threats in a Security Operations Centre environment.

Students will learn to use SIEM tools like Splunk and Wazuh to analyze logs, create dashboards, and generate real-time security alerts.

Students will learn how to apply the MITRE ATT&CK framework to map threats, identify tactics, techniques, and procedures (TTPs), and improve SOC detection coverage.

Students will complete a simulated SOC investigation from initial alert triage to creating and submitting a professional incident report.

Requirements

A basic understanding of IT networks and operating systems is helpful but not required, as all key concepts will be explained from scratch.

Familiarity with common cybersecurity terms will be an advantage but is not mandatory.

Access to a computer with an internet connection is required to complete hands-on labs and simulations.

An interest in cybersecurity and a willingness to learn practical, job-ready SOC skills will help you succeed in the course.

Description

The SOC Analyst Level 1 & 2 Masterclass is your complete, hands-on training program to launch a successful career in cybersecurity. This course takes you inside the day-to-day operations of a real Security Operations Centre (SOC) and equips you with the skills to detect, investigate, and respond to real-world cyber threats.

Through 12 comprehensive modules and practical, scenario-based training, you will master SOC fundamentals, network traffic analysis, operating system internals, SIEM usage, threat intelligence, detection engineering, and full-scale incident response. Every topic is reinforced with hands-on labs, simulations, and real attack investigations to make you job-ready.

Here’s what you’ll learn in each module:

Module 1: SOC structure, workflows, tools, KPIs, and the role of L1 & L2 analysts.

Module 2: Networking essentials for SOC, including OSI/TCP-IP, protocols, packet inspection, and detecting network-based threats.

Module 3: Windows & Linux internals, log sources, and investigative commands for uncovering malicious activity.

Module 4: Understanding the threat landscape, mapping attacks to MITRE ATT&CK, and analyzing malware & phishing campaigns.

Module 5: SIEM fundamentals, log lifecycle, Splunk queries, Sigma rules, and dashboard creation.

Module 6: L1 alert monitoring, triage processes, enrichment with OSINT, and correlation techniques.

Module 7: Investigating brute force, phishing, malware, data exfiltration, and command & control (C2) attacks.

Module 8: SOC documentation, ticket lifecycle, escalation notes, and effective communication with stakeholders.

Module 9: Threat intelligence tools, OSINT investigations, threat actor profiling, playbooks, and AI-assisted triage.

Module 10: L2 detection engineering, writing & validating rules, log correlation, and deception techniques.

Module 11: Incident response lifecycle: containment, eradication, recovery, and lessons learned.

Module 12: Capstone project simulating a full SOC investigation with multiple threat scenarios.

By the end of this course, you will be able to:

Operate confidently in a SOC environment handling both L1 & L2 tasks.

Monitor, triage, and investigate security alerts using industry tools like Splunk, Wazuh, Elastic Stack, and Wireshark.

Apply MITRE ATT&CK to strengthen detection capabilities.

Create and tune detection rules, correlate logs, and escalate incidents effectively.

Build a professional SOC portfolio with reports, dashboards, and detection rules to showcase to employers.

Whether you are an aspiring SOC Analyst, Blue Team member, or IT professional transitioning into security, this course will give you the knowledge, practical skills, and confidence to succeed in one of the fastest-growing areas of cybersecurity.

Overview

Section 1: SOC Fundamentals

Lecture 1 1.1 SOC Organisational Structure

Lecture 2 1.2 SOC Workflow

Lecture 3 1.3 Introduction to SOC Tools Part-1

Lecture 4 1.4 Introduction to SOC Tools Part-2

Lecture 5 1.5 Day in the life of a SOC Analyst

Lecture 6 1.6 SOC KPIs and Metrics

Lecture 7 1.7 Practical Task

Section 2: Networking for SOC Analysts

Lecture 8 2.1 OSI & TCP-IP Models

Lecture 9 2.2 Ports and Protocols

Lecture 10 2.3 Packet Inspection

Lecture 11 2.4 DNS Tunnelling and Beaconing

Lecture 12 2.5 Common Attack Paths

Lecture 13 2.6 Practical Task PCAP Analysis

Section 3: OS Internals – Windows & Linux

Lecture 14 3.1 Windows Architecture

Lecture 15 3.2 Windows Core Processes

Lecture 16 3.3 Windows Registry and Logs

Lecture 17 3.4 Linux Architecture

Lecture 18 3.5 Linux Logs

Lecture 19 3.6 Common Commands

Lecture 20 3.7 Common Commands Part-2

Section 4: Threat Landscape & MITRE ATT&CK

Lecture 21 4.1 Understanding Threats

Lecture 22 4.2 Understanding TTPs

Lecture 23 4.3 MITRE ATT&CK

Lecture 24 4.4 Threat Intelligence Platforms

Lecture 25 4.5 Practical Task

Section 5: SIEM & Log Management

Lecture 26 5.1 What is SIEM

Lecture 27 5.2 Log types in SIEM

Lecture 28 5.3 Log Lifecycle

Lecture 29 5.4 Splunk

Lecture 30 5.5 Sigma Rules

Lecture 31 5.6 Simple SPL Queries

Lecture 32 5.7 Practical Task

Section 6: L1 Alert Monitoring & Triage

Lecture 33 6.1 How alerts are generated

Lecture 34 6.2 Alert Categories

Lecture 35 6.3 Alert Enrichment

Lecture 36 6.4 Alert Correlation

Lecture 37 6.5 Practical Task

Section 7: L1-Level Investigations

Lecture 38 7.1 Investigating a brute force attack

Lecture 39 7.2 Investigating Phishing Attacks

Lecture 40 7.3 Investigating Malware

Lecture 41 7.4 Investigating Data Exfiltration Attacks

Lecture 42 7.5 Investigating C2

Lecture 43 7.6 Root Cause Analysis

Lecture 44 7.7 Practical Task

Section 8: SOC Documentation & Escalation

Lecture 45 8.1 SOC Ticket Lifecycle

Lecture 46 8.2 SOC Investigation Reports

Lecture 47 8.3 Communication With Stakeholders

Lecture 48 8.4 Practical Task

Section 9: Threat Intelligence in Practice

Lecture 49 9.1 Threat Actor Profiling

Lecture 50 9.2 Operationalising Threat Feeds

Lecture 51 9.3 OSINT in SOC

Lecture 52 9.4 Playbooks in SOC

Lecture 53 9.5 Playbooks Practical Task

Lecture 54 9.6 AI Augmented Triage

Lecture 55 9.7 AI in Threat Intelligence

Lecture 56 9.8 CTI Practical Task

Section 10: Detection Engineering & Log Correlation (L2 Focus)

Lecture 57 10.1 Detection Engineering 101

Lecture 58 10.2 Rule Development

Lecture 59 10.3 Validating Detections

Lecture 60 10.4 Deception Techniques in Detection

Lecture 61 10.5 Reverse Engineering Detection Failures

Lecture 62 10.6 Practical Task 1

Lecture 63 10.7 Practical Task 2

Section 11: Incident Response & Case Management

Lecture 64 11.1 Incident Response in SOC

Lecture 65 11.2 Containment

Lecture 66 11.3 Eradication

Lecture 67 11.4 Recovery and Back-up

Lecture 68 11.5 Lessons Learned

Lecture 69 11.6 Practical Task

Section 12: Capstone – Simulated SOC Investigation

Lecture 70 12.1 Capstone Project Part-1

Lecture 71 12.2 Capstone Project Part-2

Lecture 72 12.3 Additional Project 1

Lecture 73 12.4 Additional Project 2

Who this course is for

This course is for aspiring SOC Analysts who want to start a career in cybersecurity.

It is ideal for Junior Security Engineers and Blue Team members looking to strengthen their SOC skills.

IT professionals who wish to transition into a security-focused role will find this course highly valuable.

Cybersecurity students preparing for interviews, assessments, or hands-on SOC tasks will benefit from this training.