Batch Date: Jan 12th @ 7:00 AM
Faculty: Mr. Veera (13+ years of experience)
Duration: 35 Days
Venue: DURGA SOFTWARE SOLUTIONS, Flat No: 202, 2nd Floor, HUDA Maitrivanam, Ameerpet, Hyderabad - 500038
Ph. No: +91 8885252627, 9246212143, 80 96 96 96 96
Syllabus:
SOC (Security Operations Center)
Course Overview
This syllabus provides a complete end-to-end SOC Analyst curriculum designed to take learners from zero cybersecurity knowledge to SOC L1/L2 Analyst level, with an introduction to the L3, threat hunting and incident response work that follows.
The course covers:
- SOC operations
- SIEM tools
- Incident response
- Threat detection
- Blue team security
- Cloud SOC basics
- Real-time attack scenarios
MODULE 1: Introduction to Cybersecurity & SOC
What is Cybersecurity?
- Information Security vs Cyber Security
- CIA Triad:
  - Confidentiality
  - Integrity
  - Availability
- Types of cyber attacks
What is SOC?
- Security Operations Center overview
- Purpose of SOC
- Why SOC is critical for organizations
- SOC vs GRC vs VAPT
SOC Roles & Levels
- SOC L1 Analyst
- SOC L2 Analyst
- SOC L3 Analyst
- Threat Hunter
- Incident Responder
- SOC Manager
Outcome:
Learners understand what SOC is and how it operates
MODULE 2: Networking Fundamentals for SOC
Networking Basics
- OSI Model (7 Layers)
- TCP/IP Model
- Ports & Protocols:
  - HTTP / HTTPS
  - DNS
  - FTP
  - SMTP
  - SSH
- IP Addressing & Subnetting
Network Security Concepts
- Firewalls
- IDS vs IPS
- Proxy
- VPN
Hands-on:
- Packet flow understanding
- Basic network diagrams
MODULE 3: Operating Systems Fundamentals
Linux Fundamentals
- Linux architecture
- Important commands:
  - ls, cd, grep, tail, chmod, chown
- Log locations (Debian/Ubuntu paths; RHEL-family systems write the same records to /var/log/secure and /var/log/messages, and on systemd hosts journalctl reads them too):
  - /var/log/auth.log
  - /var/log/syslog
Windows Fundamentals
- Windows architecture
- Event Viewer
- Important logs:
  - Security logs
  - System logs
  - Application logs
Hands-on:
- Log analysis basics (Linux & Windows)
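Added example (not part of the course material): a small Python script that normalizes the two log formats this module covers into one event schema, which is also the parsing and normalization step a SIEM performs before any rule can fire. All sample lines are constructed: the Linux lines follow the sshd syslog layout of /var/log/auth.log, the Windows lines are a one-line key=value rendering of Security events 4624/4625 (logon success/failure) as a log forwarder might emit them, and the field names of the normalized event are this example's own, not a vendor schema.

```python
import re
from datetime import datetime

# Constructed sample lines: made-up hosts and users, reserved example IP ranges.
LINUX_LINES = [
    "Jan 12 07:01:02 web01 sshd[1812]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2",
    "Jan 12 07:01:05 web01 sshd[1812]: Failed password for root from 203.0.113.45 port 51123 ssh2",
    "Jan 12 07:01:09 web01 sshd[1815]: Accepted password for deploy from 198.51.100.7 port 40021 ssh2",
    "Jan 12 07:02:00 web01 CRON[1900]: pam_unix(cron:session): session opened for user root by (uid=0)",
]
WINDOWS_LINES = [
    "2026-01-12T07:03:10Z dc01 EventID=4625 TargetUserName=jsmith IpAddress=203.0.113.45 LogonType=3 Status=0xC000006D",
    "2026-01-12T07:03:15Z dc01 EventID=4624 TargetUserName=jsmith IpAddress=10.0.0.25 LogonType=2",
    "2026-01-12T07:03:20Z dc01 EventID=4672 SubjectUserName=SYSTEM",
]

# sshd writes "Failed password for [invalid user] NAME from IP port N ssh2" / "Accepted password for ..."
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
# Forwarder layout assumed by this example: ISO timestamp, host, then key=value pairs
WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+)(?P<kv>(?: \S+=\S+)*)$")


def parse_linux_auth(line, year=2026):
    """Normalize one sshd auth.log line; returns None for lines that are not logon attempts.
    Syslog lines carry no year, so the caller supplies it (assumed 2026 here)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "source": "linux_auth", "user": m["user"],
            "src_ip": m["ip"], "outcome": "success" if m["result"] == "Accepted" else "failure"}


def parse_windows_security(line):
    """Normalize a 4624/4625 line into the same schema; other event IDs return None."""
    m = WIN_RE.match(line)
    if not m:
        return None
    eid = int(m["eid"])
    if eid not in (4624, 4625):
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split())
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "host": m["host"], "source": "windows_security",
            "user": fields.get("TargetUserName"), "src_ip": fields.get("IpAddress"),
            "outcome": "success" if eid == 4624 else "failure"}


def normalize_all(linux_lines, windows_lines):
    """Parse both sources into one time-ordered list of normalized logon events."""
    events = [e for e in map(parse_linux_auth, linux_lines) if e]
    events += [e for e in map(parse_windows_security, windows_lines) if e]
    return sorted(events, key=lambda e: e["ts"])


def failures_by_ip(events):
    """Failed logons per source IP across both platforms: the first pivot an analyst
    makes when a brute-force alert fires."""
    counts = {}
    for e in events:
        if e["outcome"] == "failure":
            counts[e["src_ip"]] = counts.get(e["src_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    events = normalize_all(LINUX_LINES, WINDOWS_LINES)
    for e in events:
        print(e["ts"].isoformat(), e["source"], e["host"], e["user"], e["src_ip"], e["outcome"])
    print(failures_by_ip(events))
```

Two details matter in practice: syslog lines carry no year, so the parser has to be told one (and a file that spans New Year needs care), and a Windows 4625 with LogonType 3 (network) is what a remote brute force looks like, while a 4625 with LogonType 2 is someone at the keyboard.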
MODULE 4: Security Concepts for SOC
Security Fundamentals
- Authentication vs Authorization
- Encryption vs Hashing
- MFA
- Least privilege
- Defense in depth
Common Attack Types
- Malware
- Phishing
- Ransomware
- Brute force
- DDoS
- Insider threats
MODULE 5: Logs, Events & Monitoring
What are Logs?
- System logs
- Application logs
- Network logs
- Security logs
Events vs Alerts
- Raw logs
- Normalized events
- Alerts & incidents
Log Sources
- Firewall
- Server
- Endpoint
- Cloud
- Application
Hands-on:
- Identify log types
- Event correlation basics
MODULE 6: SIEM Fundamentals
What is SIEM?
- SIEM architecture
- Log ingestion
- Parsing & normalization
- Correlation rules
- Dashboards & alerts
Popular SIEM Tools
- Splunk
- QRadar
- ArcSight
- Microsoft Sentinel
- Elastic SIEM
Hands-on:
- Sample SIEM dashboard
- Alert analysis workflow
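Added example (not part of the course material) covering both the "Event correlation basics" hands-on of Module 5 and the correlation rules of this module: a sliding-window correlation over already-normalized logon events, written in Python rather than any vendor's rule language. The events, IPs and users are constructed, and the field names are this example's own.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def ev(ts, src_ip, user, outcome):
    return {"ts": datetime.fromisoformat(ts), "src_ip": src_ip, "user": user, "outcome": outcome}


# Constructed, already-normalized logon events (reserved example IPs, made-up users):
# what a SIEM holds after parsing.
EVENTS = [
    ev("2026-01-12T07:00:01", "203.0.113.45", "admin", "failure"),
    ev("2026-01-12T07:00:03", "203.0.113.45", "root", "failure"),
    ev("2026-01-12T07:00:04", "198.51.100.7", "deploy", "success"),
    ev("2026-01-12T07:00:06", "203.0.113.45", "oracle", "failure"),
    ev("2026-01-12T07:00:08", "203.0.113.45", "test", "failure"),
    ev("2026-01-12T07:00:09", "203.0.113.45", "backup", "failure"),
    ev("2026-01-12T07:00:20", "203.0.113.45", "backup", "success"),
    # also five failures, but spread over 11 minutes: never `threshold` inside one window
    ev("2026-01-12T07:20:00", "192.0.2.10", "alice", "failure"),
    ev("2026-01-12T07:21:00", "192.0.2.10", "alice", "failure"),
    ev("2026-01-12T07:22:00", "192.0.2.10", "alice", "failure"),
    ev("2026-01-12T07:23:00", "192.0.2.10", "alice", "failure"),
    ev("2026-01-12T07:31:00", "192.0.2.10", "alice", "failure"),
    ev("2026-01-12T07:32:00", "192.0.2.10", "alice", "success"),
]


def correlate_logons(events, threshold=5, window=timedelta(minutes=5)):
    """Two stacked rules evaluated over a sliding window per source IP:
       medium  repeated_logon_failures : >= threshold failures inside `window`
       high    failures_then_success   : a success from an IP currently over the threshold
    Events are processed in time order; each IP keeps only the failure timestamps still
    inside the window, so old noise does not accumulate into a false alert."""
    alerts = []
    recent_failures = defaultdict(deque)   # src_ip -> timestamps of in-window failures
    already_alerted = set()                # one medium alert per IP until the burst resolves
    for e in sorted(events, key=lambda x: x["ts"]):
        q = recent_failures[e["src_ip"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()                    # expire failures older than the window
        if e["outcome"] == "failure":
            q.append(e["ts"])
            if len(q) >= threshold and e["src_ip"] not in already_alerted:
                already_alerted.add(e["src_ip"])
                alerts.append({"rule": "repeated_logon_failures", "severity": "medium",
                               "src_ip": e["src_ip"], "failures": len(q), "ts": e["ts"]})
        elif e["outcome"] == "success" and len(q) >= threshold:
            alerts.append({"rule": "failures_then_success", "severity": "high",
                           "src_ip": e["src_ip"], "user": e["user"], "failures": len(q), "ts": e["ts"]})
            q.clear()
            already_alerted.discard(e["src_ip"])   # a fresh burst after this may alert again
    return alerts


if __name__ == "__main__":
    for a in correlate_logons(EVENTS):
        print(a["ts"].isoformat(), a["severity"].upper(), a["rule"], a["src_ip"], a.get("user", ""))
```

The medium rule is the noisy one an L1 analyst mostly closes as internet scanning; the high rule (a success from an IP that is currently over the failure threshold) is the one worth escalating, and in a real SIEM the medium alert would normally be suppressed once the high one fires for the same source.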
MODULE 7: SOC Analyst L1 Operations
L1 Analyst Responsibilities
- Alert monitoring
- Alert triage
- False positive identification
- Initial investigation
- Escalation procedures
Alert Analysis Process
- Receive alert
- Validate alert
- Check logs
- Identify severity
- Escalate or close
Hands-on:
- L1 alert analysis scenarios
MODULE 8: Incident Response (IR)
Incident Response Lifecycle
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned
Incident Types
- Malware incident
- Phishing incident
- Brute force attack
- Data breach
Hands-on:
- Incident response playbooks
- Incident report template
MODULE 9: Threat Intelligence & Threat Hunting
Threat Intelligence
- What is Threat Intelligence?
- Types:
  - Strategic
  - Tactical
  - Operational
IOCs (Indicators of Compromise)
Threat Hunting
- Hypothesis-driven hunting
- MITRE ATT&CK framework
- TTPs (Tactics, Techniques, Procedures)
Hands-on:
- MITRE ATT&CK mapping
- IOC investigation
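Added example (not part of the course material) for both hands-on items above: matching normalized events against a threat-intelligence feed and tagging each hit with its ATT&CK technique and tactic. The feed, the events, the hosts and the file hash are all constructed; only the technique IDs and names are real ATT&CK entries. It also handles the defanged form (hxxp, [.]) in which indicators are usually shared.

```python
from collections import Counter

# Minimal ATT&CK lookup for the techniques used below (real ATT&CK IDs and names).
ATTACK = {
    "T1110": ("Credential Access", "Brute Force"),
    "T1566": ("Initial Access", "Phishing"),
    "T1071.001": ("Command and Control", "Application Layer Protocol: Web Protocols"),
    "T1486": ("Impact", "Data Encrypted for Impact"),
}

# Constructed threat-intel feed: reserved example IP/domains, made-up hash.
IOC_FEED = [
    {"type": "ip", "value": "203[.]0[.]113[.]45", "technique": "T1110", "note": "SSH brute-force source"},
    {"type": "domain", "value": "update-check[.]example", "technique": "T1071.001", "note": "C2 over HTTPS"},
    {"type": "sha256", "value": "3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1B",
     "technique": "T1486", "note": "ransomware dropper"},
    {"type": "url", "value": "hxxps://update-check[.]example/a.php", "technique": "T1566", "note": "phishing landing page"},
]

# Constructed normalized events from several log sources (field names are this example's own).
EVENTS = [
    {"host": "ws17", "source": "dns", "query": "update-check.example"},
    {"host": "ws17", "source": "proxy", "url": "https://update-check.example/a.php"},
    {"host": "ws17", "source": "edr", "sha256": "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"},
    {"host": "web01", "source": "firewall", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.5"},
    {"host": "ws22", "source": "dns", "query": "www.example.com"},
]

# Which event field is compared against which IOC type.
FIELD_TO_TYPE = {"src_ip": "ip", "dst_ip": "ip", "query": "domain", "sha256": "sha256", "url": "url"}


def refang(value):
    """Reports defang IOCs (hxxp, [.]) so nobody clicks them; undo that, and fold case,
    so feed values and log values compare equal."""
    return value.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":").strip().lower()


def build_index(feed):
    """(type, canonical value) -> IOC record, for O(1) lookups per event field."""
    return {(ioc["type"], refang(ioc["value"])): ioc for ioc in feed}


def match_events(events, index):
    """Return one hit per (event, field) that matches an IOC, enriched with ATT&CK context."""
    hits = []
    for e in events:
        for field, ioc_type in FIELD_TO_TYPE.items():
            if field not in e:
                continue
            ioc = index.get((ioc_type, refang(str(e[field]))))
            if ioc:
                tactic, name = ATTACK[ioc["technique"]]
                hits.append({"host": e["host"], "source": e["source"], "field": field, "value": e[field],
                             "technique": ioc["technique"], "technique_name": name, "tactic": tactic,
                             "note": ioc["note"]})
    return hits


def attack_coverage(hits):
    """Tactic -> number of hits: shows where in the attack chain the evidence clusters."""
    return dict(Counter(h["tactic"] for h in hits))


if __name__ == "__main__":
    hits = match_events(EVENTS, build_index(IOC_FEED))
    for h in hits:
        print(h["host"], h["source"], h["field"], h["value"], h["technique"], h["tactic"], h["technique_name"])
    print(attack_coverage(hits))
```

Reading the coverage map is the hunting step: one host with hits in Command and Control and Impact is a different incident from one hit in Initial Access alone, and the technique IDs give the hunter the next hypothesis to test (for example, which other hosts resolved the same C2 domain).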
MODULE 10: Endpoint & EDR/XDR
Endpoint Security
- Antivirus vs EDR vs XDR
- Endpoint attack lifecycle
Popular Tools
- Microsoft Defender
- SentinelOne
- CrowdStrike
Hands-on:
- Endpoint alert investigation
- Malware behavior analysis
MODULE 11: Email Security & Phishing Analysis
Email Attacks
- Phishing
- Spear phishing
- Business Email Compromise (BEC)
Email Analysis
- Email headers
- URLs
- Attachments
Hands-on:
- Phishing email analysis
- Header analysis
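Added example (not part of the course material): the header checks above applied to a constructed phishing message with Python's standard email library. The message, its domains (under .example/.example.net) and IPs (reserved ranges) are made up; the header syntax follows what real mail servers write. The finding names and the verdict threshold are this example's own.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phishing message. Received headers are read top-down = newest hop first.
RAW_EMAIL = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
    by inbox.corp.example with ESMTP id abc123; Mon, 12 Jan 2026 07:10:02 +0000
Received: from mail-relay.example.net (unknown [198.51.100.77])
    by mx.corp.example with ESMTP id def456; Mon, 12 Jan 2026 07:10:00 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk-support@mail-relay.example.net
To: jsmith@corp.example
Subject: Password expires today
Content-Type: text/plain; charset="utf-8"

Your password expires in 2 hours. Verify now: hxxps://corp-example-login.example.net/verify?u=jsmith
Thanks, IT Helpdesk
"""

URL_RE = re.compile(r"h[xt]{2}ps?://\S+", re.IGNORECASE)      # matches http(s) and defanged hxxp(s)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")          # the bracketed IP in a Received header


def domain_of(addr):
    return parseaddr(str(addr))[1].rsplit("@", 1)[-1].lower()


def refang(url):
    return url.replace("hxxp", "http").replace("[.]", ".")


def analyze_email(raw):
    msg = message_from_string(raw, policy=default)
    findings = []
    from_domain = domain_of(msg["From"])
    # Envelope sender and Reply-To pointing away from the From domain: classic spoof pattern.
    if msg["Return-Path"] and domain_of(msg["Return-Path"]) != from_domain:
        findings.append("return_path_mismatch")
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != from_domain:
        findings.append("reply_to_mismatch")
    # Authentication-Results is written by our own gateway, so its verdicts can be trusted.
    auth = str(msg.get("Authentication-Results", ""))
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.IGNORECASE):
        if result.lower() in ("fail", "softfail", "permerror"):
            findings.append(f"{mech.lower()}_{result.lower()}")
    # Each hop prepends a Received header, so the last one is the earliest hop: the relay
    # that handed the mail to our perimeter. Anything below it can be forged by the sender.
    hops = msg.get_all("Received", [])
    origin_ip = None
    if hops:
        m = IP_RE.search(str(hops[-1]))
        origin_ip = m.group(1) if m else None
    urls = [refang(u) for u in URL_RE.findall(msg.get_content())]
    for u in urls:
        host = urlparse(u).hostname or ""
        if not (host == from_domain or host.endswith("." + from_domain)):
            findings.append("url_domain_mismatch")   # lookalike or unrelated domain in the body
    verdict = "likely_phishing" if len(findings) >= 2 else ("suspicious" if findings else "clean")
    return {"from_domain": from_domain, "origin_ip": origin_ip, "hops": len(hops),
            "urls": urls, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    result = analyze_email(RAW_EMAIL)
    for k, v in result.items():
        print(f"{k}: {v}")
```

The origin IP and the URL host are the two values to pivot on next: the IP against mail logs for other recipients of the same campaign, the host against proxy logs for anyone who already clicked.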
MODULE 12: Cloud SOC (AWS / Azure)
Cloud Security Basics for SOC
- Shared Responsibility Model
- Cloud logging sources
Cloud SOC Tools
- AWS CloudTrail
- AWS GuardDuty
- AWS Security Hub
- Microsoft Defender for Cloud (formerly Azure Defender)
- Microsoft Sentinel
Hands-on:
- Cloud alert investigation
- Cloud incident example
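Added example (not part of the course material): triage of CloudTrail records in Python, the kind of logic a cloud SOC runs before or alongside GuardDuty. The records are constructed (made-up account ID, users and reserved example IPs) but use CloudTrail's own field names and real API names (ConsoleLogin, StopLogging, CreateAccessKey); the rule names and severities are this example's own.

```python
import json


def rec(time, source, name, ident_type, user, ip, **extra):
    """Build one CloudTrail-style record with only the fields the rules below read."""
    ident = {"type": ident_type, "accountId": "123456789012"}
    if user:
        ident["userName"] = user          # a Root identity has no userName in CloudTrail
    r = {"eventVersion": "1.08", "eventTime": time, "eventSource": source, "eventName": name,
         "awsRegion": "us-east-1", "userIdentity": ident, "sourceIPAddress": ip}
    r.update(extra)
    return r


# Constructed trail file content, in the {"Records": [...]} shape CloudTrail delivers to S3.
CLOUDTRAIL_JSON = json.dumps({"Records": [
    rec("2026-01-12T07:15:01Z", "signin.amazonaws.com", "ConsoleLogin", "IAMUser", "jsmith", "203.0.113.45",
        responseElements={"ConsoleLogin": "Failure"}, additionalEventData={"MFAUsed": "No"},
        errorMessage="Failed authentication"),
    rec("2026-01-12T07:15:20Z", "signin.amazonaws.com", "ConsoleLogin", "IAMUser", "jsmith", "203.0.113.45",
        responseElements={"ConsoleLogin": "Failure"}, additionalEventData={"MFAUsed": "No"},
        errorMessage="Failed authentication"),
    rec("2026-01-12T07:16:03Z", "signin.amazonaws.com", "ConsoleLogin", "IAMUser", "jsmith", "203.0.113.45",
        responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "No"}),
    rec("2026-01-12T07:18:30Z", "cloudtrail.amazonaws.com", "StopLogging", "IAMUser", "jsmith", "203.0.113.45",
        requestParameters={"name": "org-trail"}),
    rec("2026-01-12T07:20:00Z", "iam.amazonaws.com", "CreateAccessKey", "Root", None, "198.51.100.7",
        requestParameters={"userName": "backup-admin"}),
    rec("2026-01-12T07:25:00Z", "ec2.amazonaws.com", "DescribeInstances", "IAMUser", "deploy", "10.0.0.25"),
]})


def load_records(raw=CLOUDTRAIL_JSON):
    return json.loads(raw)["Records"]


# API calls that blind the SOC; an attacker with enough privilege tries these early.
LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail"}


def actor(r):
    ident = r.get("userIdentity", {})
    return ident.get("userName") or ident.get("type", "unknown")


def triage(records):
    """Apply three cloud-specific rules to each record and return the resulting alerts."""
    alerts = []
    for r in records:
        base = {"time": r["eventTime"], "actor": actor(r), "src_ip": r.get("sourceIPAddress"),
                "event": r["eventName"]}
        if r.get("userIdentity", {}).get("type") == "Root":
            alerts.append({"rule": "root_account_used", "severity": "high", **base})
        if r["eventName"] in LOGGING_TAMPER:
            alerts.append({"rule": "cloudtrail_tampering", "severity": "critical", **base})
        if (r["eventName"] == "ConsoleLogin"
                and r.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and r.get("additionalEventData", {}).get("MFAUsed") == "No"):
            alerts.append({"rule": "console_login_without_mfa", "severity": "medium", **base})
    return alerts


def actor_timeline(records, who):
    """Everything one identity did, in time order: the first question in a cloud incident."""
    return [(r["eventTime"], r["eventSource"].split(".")[0], r["eventName"], r.get("sourceIPAddress"))
            for r in sorted(records, key=lambda r: r["eventTime"]) if actor(r) == who]


if __name__ == "__main__":
    records = load_records()
    for a in triage(records):
        print(a["severity"].upper(), a["rule"], a["time"], a["actor"], a["src_ip"], a["event"])
    print(actor_timeline(records, "jsmith"))
```

The timeline is what turns three separate alerts into one incident: the same IAM user logs in without MFA from an external IP after failures and then stops the trail. Two caveats for tuning: for federated (SAML or IAM Identity Center) sign-ins the MFAUsed field does not reflect the identity provider's MFA, so scope that rule to IAM users, and StopLogging on a trail in one region may be legitimate change work, so the rule should check the ticket queue before paging.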
MODULE 13: SOAR & Automation
What is SOAR?
- Security Orchestration
- Automation
- Response
Use Cases
- Automated phishing response
- Automated IP blocking
- Incident ticket creation
Hands-on:
MODULE 14: Real-Time SOC Use Cases
Example Scenarios
- Brute force attack detection
- Malware infection
- Phishing attack
- Data exfiltration attempt
Workflow: Alert → Investigation → Evidence → Response → Closure
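Added example (not part of the course material) for the data exfiltration scenario above: a volumetric detection over outbound connection records, comparing each host's bytes sent in a one-hour window against its own baseline and excluding known business destinations. The connection records, baselines, hosts and destinations are constructed; the thresholds are this example's own starting points, not recommended values.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def conn(ts, host, dst, bytes_out):
    return {"ts": datetime.fromisoformat(ts), "host": host, "dst": dst, "bytes_out": bytes_out}


# Constructed outbound records as a proxy or firewall logs them (made-up hosts and destinations).
CONNS = [
    conn("2026-01-12T09:00:10", "ws17", "cdn.example.com", 20_000),
    conn("2026-01-12T09:05:00", "ws17", "files-share.example.net", 180_000_000),
    conn("2026-01-12T09:12:00", "ws17", "files-share.example.net", 240_000_000),
    conn("2026-01-12T09:20:00", "ws17", "mail.corp.example", 500_000),
    conn("2026-01-12T09:02:00", "build01", "artifacts.corp.example", 900_000_000),  # big, but expected
    conn("2026-01-12T09:03:00", "ws22", "cdn.example.com", 3_000_000),
]
# Per-host bytes-sent-per-hour baseline, e.g. a high percentile over the previous 30 days
# (constructed here, not computed).
BASELINE = {"ws17": 5_000_000, "build01": 800_000_000, "ws22": 4_000_000}
# Destinations where large uploads are normal business.
ALLOWLIST = {"artifacts.corp.example", "mail.corp.example"}
WINDOW_START = datetime.fromisoformat("2026-01-12T09:00:00")


def detect_exfil(conns, baseline, allowlist, start, window=timedelta(hours=1),
                 ratio=10, floor=50_000_000):
    """Alert when a host sends more than max(ratio * its baseline, floor) bytes to
    non-allowlisted destinations inside the window. `floor` stops tiny baselines from
    alerting on ordinary traffic and is the whole threshold for hosts with no baseline."""
    end = start + window
    per_host = defaultdict(lambda: defaultdict(int))   # host -> dst -> bytes
    for c in conns:
        if start <= c["ts"] < end and c["dst"] not in allowlist:
            per_host[c["host"]][c["dst"]] += c["bytes_out"]
    alerts = []
    for host, dsts in per_host.items():
        total = sum(dsts.values())
        base = baseline.get(host)
        threshold = max(ratio * base, floor) if base else floor
        if total > threshold:
            top_dst, top_bytes = max(dsts.items(), key=lambda kv: kv[1])
            alerts.append({"rule": "outbound_volume_anomaly", "severity": "high", "host": host,
                           "window_start": start, "bytes_out": total, "baseline": base,
                           "top_dst": top_dst, "top_dst_share": round(top_bytes / total, 2)})
    return alerts


if __name__ == "__main__":
    for a in detect_exfil(CONNS, BASELINE, ALLOWLIST, WINDOW_START):
        print(a["severity"].upper(), a["rule"], a["host"], a["bytes_out"], "bytes ->", a["top_dst"],
              f"({a['top_dst_share']:.0%} of total)")
```

The evidence an investigator wants is already in the alert: the destination that took almost all of the volume. The response steps that follow (isolate the host, block the destination, pull the user's recent file access) are the same workflow the module lists; the rule only has to make the first step obvious.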
MODULE 15: SOC Reporting & Documentation
SOC Documentation
- Incident reports
- Daily SOC reports
- Shift handover reports
- SLA & KPIs
Metrics
- MTTD (Mean Time to Detect)
- MTTR (Mean Time to Respond)
- False positive rate
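Added example (not part of the course material): computing the three metrics above plus SLA breaches from a constructed set of closed incidents. The incident records and SLA targets are made up; the definitions used (MTTD from first malicious activity to detection, MTTR from detection to resolution, both over true positives only) are one common convention and should be stated in the report, since teams measure these differently.

```python
from datetime import datetime, timedelta


def inc(iid, severity, disposition, first_activity, detected, resolved):
    t = lambda s: datetime.fromisoformat(s) if s else None
    return {"id": iid, "severity": severity, "disposition": disposition,
            "first_activity": t(first_activity), "detected": t(detected), "resolved": t(resolved)}


# Constructed closed incidents. A false positive has no first_activity: there was no attack
# to date, so it contributes to the FP rate but not to MTTD/MTTR.
INCIDENTS = [
    inc("INC-2026-001", "critical", "true_positive", "2026-01-12T07:00", "2026-01-12T07:30", "2026-01-12T08:00"),
    inc("INC-2026-002", "high", "true_positive", "2026-01-12T06:00", "2026-01-12T08:00", "2026-01-12T14:00"),
    inc("INC-2026-003", "medium", "false_positive", None, "2026-01-12T09:00", "2026-01-12T09:10"),
    inc("INC-2026-004", "medium", "true_positive", "2026-01-12T09:00", "2026-01-12T09:15", "2026-01-12T12:15"),
    inc("INC-2026-005", "low", "false_positive", None, "2026-01-12T10:00", "2026-01-12T10:05"),
]
# Constructed response-time SLA per severity (detection to resolution).
SLA = {"critical": timedelta(hours=1), "high": timedelta(hours=4),
       "medium": timedelta(hours=24), "low": timedelta(hours=72)}


def mean_minutes(deltas):
    deltas = list(deltas)
    if not deltas:
        return None
    return round((sum(deltas, timedelta()) / len(deltas)).total_seconds() / 60, 1)


def soc_metrics(incidents, sla):
    tps = [i for i in incidents if i["disposition"] == "true_positive"]
    fps = [i for i in incidents if i["disposition"] == "false_positive"]
    mttd = mean_minutes(i["detected"] - i["first_activity"] for i in tps)
    mttr = mean_minutes(i["resolved"] - i["detected"] for i in tps)
    breaches = [i["id"] for i in tps if i["resolved"] - i["detected"] > sla[i["severity"]]]
    return {"incidents": len(incidents), "true_positives": len(tps), "false_positives": len(fps),
            "false_positive_rate": round(len(fps) / len(incidents), 3) if incidents else None,
            "mttd_minutes": mttd, "mttr_minutes": mttr, "sla_breaches": breaches}


if __name__ == "__main__":
    for k, v in soc_metrics(INCIDENTS, SLA).items():
        print(f"{k}: {v}")
```

MTTD depends on the first-activity timestamp, which is only established during the investigation (the earliest malicious event found in the logs), so it is a lagging metric and is only as good as the investigation that produced it.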
MODULE 16: Careers, Certifications & Roadmap
SOC Job Roles
- SOC Analyst L1
- SOC Analyst L2
- SOC Analyst L3
- Threat Hunter
- Incident Responder
Certifications Roadmap
- Security+
- CEH (Blue Team)
- GCIA
- GCIH
- CySA+
COURSE OUTCOME
After completing this syllabus, learners will be able to:
- Work as SOC L1/L2 Analyst
- Monitor and analyze security alerts
- Investigate incidents using SIEM & EDR
- Handle phishing and malware incidents
- Transition into blue team security roles