Course objectives
After completing this course, students will be able to:
- Understand the fundamental concepts of SOC operations
- Analyze security events and incidents
- Use SIEM tools to detect and respond to threats
- Apply threat intelligence to improve security posture
- Develop incident response plans and procedures
- Apply digital forensics and malware analysis skills
Course outline
- Module 1: Security Operations and Management
  - Introduction to SOC
  - SOC roles and responsibilities
  - Security operations lifecycle
  - Key performance indicators (KPIs) and metrics
- Module 2: Understanding Cyber Threats, IoCs, and Attack Methodology
  - Types of cyber threats and attacks
  - Threat actors and their motivations
  - Indicators of compromise (IoCs)
  - Cyber kill chain
- Module 3: Incidents, Events, and Logging
  - Incident classification and categorization
  - Event logging and correlation
  - Log management and analysis tools
  - Security information and event management (SIEM)
- Module 4: Incident Detection with SIEM
  - SIEM architecture and components
  - SIEM use cases and best practices
  - Alerting and notification systems
  - Correlation rules and anomaly detection
- Module 5: Enhanced Incident Detection with Threat Intelligence
  - Threat intelligence sources and feeds
  - Integrating threat intelligence into SIEM
  - Threat hunting techniques
  - Advanced threat detection
- Module 6: Incident Response
  - Incident response planning and procedures
  - Incident triage and escalation
  - Containment and eradication techniques
  - Root cause analysis
  - Post-incident activities and lessons learned