1600
NX220 – SOC-Analyst
Valid for 6 months
Organizations: Contact us for enterprise solutions and volume pricing.
SOC-Analyst
Monitor and defend network systems
Learn to operate a modern Security Operations Center using enterprise tools like Splunk and ELK Stack. From threat detection to incident response, master the skills needed to protect organizational assets.
Series
NX Defense
Program Code
NX220
Level
Level-3
What Our Clients Say
“Over 1000 of our students have been trained using ThinkCyber's Products and Services. The hands-on experience they gain from using the Cyberium Arena Simulator and Specto is invaluable and has been instrumental in their career progression”
— John Bryce Training Center, Israel
“The training was crucial, providing my team with a wealth of knowledge through hands-on experiences. This is why, throughout June 2023, we will be welcoming SOC analysts from across the nation to participate in the CACC (CERT-IL Advanced Cyber Training). This training, facilitated by ThinkCyber and utilizing the Cyberium simulator, will provide invaluable experience and knowledge upgrades.”
— Homeland Security
“Our students are getting excellent positions such as SOC Analysts, Network Security Engineers, Forensics and Penetration Testers thanks to the applicable and relevant hands-on cybersecurity skills they've acquired through ThinkCyber's solutions.”
— James Lim, CEO of Centre for Cybersecurity Institute, Singapore
“Exceptional course! I've attended numerous programs, but this outshines them all in every conceivable way: the comprehensive content, the expert guidance, the practical exercises, and the seamless organization of the entire course.”
— Defense Forces
Description
Step into the world of professional Security Operations Centers. Through hands-on practice with industry-standard tools, you'll learn to monitor networks, detect threats, and respond to security incidents. Working with Sysmon, pfSense, ELK Stack, and Splunk, you'll build practical experience in defending enterprise networks using the same tools and techniques deployed by security professionals worldwide.
Most students complete this course in 10 to 12 weeks when studying regularly.
Program Impact & Outcomes
After completing this course, you will:
- Configure and manage Windows domain environments
- Set up and maintain enterprise-grade SIEM systems
- Monitor real-time security events and network traffic
- Create and customize detection rules
- Perform threat hunting using MITRE ATT&CK
- Handle security incidents like a professional
Real-World Training Environment
From day one, you will:
- Build a complete Windows domain environment
- Configure and operate enterprise SIEM systems
- Work with professional security tools (Splunk, ELK)
- Create and test detection rules
- Practice incident response procedures
- Apply the MITRE ATT&CK framework in realistic scenarios
What You Will Learn
This SOC Operation module is designed for SOC organizations that need to implement a SOC solution, and provides full guidance on the skills and procedures required to operate it. The program covers all aspects of a SOC team's work needed to keep the enterprise's adversaries at bay.
SOC-ANALYST
This focused module centers on Sysmon, a powerful Windows system monitoring tool. It teaches learners how to use Sysmon for comprehensive event logging, contributing to a deeper understanding of Windows domain operations.
- Windows Server
  - Installing Windows Server
  - Configuring Windows Server
  - Managing Features
  - Windows Events
  - Sysmon
- Windows Domain
  - Installing AD DS
  - Configuring AD DS
  - Managing Domain Protocols
  - Working with Group Policy
  - Working with Wireshark
This module covers firewall configuration and management using pfSense, including the creation of firewall and NAT rules. It includes real-time system monitoring and explores Intrusion Detection and Prevention Systems (IDS/IPS). Participants gain hands-on experience with Snort, covering rule structure, configuration, and advanced traffic analysis using the NAT feature.
- Firewalls
  - pfSense Installation
  - Configuring FW Rules
  - Configuring NAT Rules
  - Installing and Managing Packages
  - Real-Time Monitoring
- IDS/IPS
  - Working with Snort
  - Snort Rules Structure
  - Setting and Configuring Rules
  - Passing Traffic using the NAT Feature
  - Analyzing Advanced Rules
This module guides participants through the essential components of Security Information and Event Management (SIEM). It begins with the ELK stack, covering event monitoring, search methods, custom queries, and alert settings. The latter part covers Splunk, teaching how to monitor events and the fundamentals of the Search Processing Language (SPL).
- ELK
  - Monitoring Events
  - Different Search Methods
  - Custom Queries
  - Setting Alerts
- Splunk
  - Monitoring with Splunk
  - Splunk Alerts
This module immerses participants in advanced aspects of cybersecurity. It begins with comprehensive log analysis, including advanced filtering and threat hunting via events and MITRE ATT&CK. Participants then work with Sysmon and its configuration, followed by YARA for rule creation and threat hunting.
- Log Analysis
  - Analyzing Logs
  - Advanced Filtering
- MITRE ATT&CK
  - Hunting via Events
  - Creating Hunting Rules
- Sysmon
  - Configuring XML Settings
  - Analyzing Sysmon Events
- YARA
  - Rules Structure
  - Hunting with YARA
- Incident Response
  - IR Playbooks
  - Investigating Files