top of page

1,600

NX220 – SOC-Analyst

Valid for 6 months

*Typical completion, beginning to end: 6-9 months, when studying regularly

SOC-Analyst

Monitor and defend network systems

Master the tools and techniques used in modern Security Operations Centers, from threat detection to incident response.

Series

NX Defense

Program Code

NX220

Duration

Self-Pace*

*Typical completion, beginning to end: 6-9 months, when studying regularly

What Our Clients Say

John Bryce.jpg
“Over 1000 of our students have been trained using ThinkCyber's Products and Services. The hands-on experience they gain from using the Cyberium Arena Simulator and Specto is invaluable and has been instrumental in their career progression”

— John Bryce Training Center, Israel

HLS Testomonial.jpg
“The training was crucial, providing my team with a wealth of knowledge through hands-on experiences. This is why, throughout June 2023, we will be welcoming SOC analysts from across the nation to participate in the CACC (CERT-IL Advanced Cyber Training). This training, facilitated by ThinkCyber and utilizing the Cyberium simulator, will provide invaluable experience and knowledge upgrades.”

— Homeland Security

James CFC Testimonial.jpg
“Our students are getting excellent positions such as SOC Analysts, Network Security Engineers, Forensics and Penetration Testers thanks to the applicable and relevant hands-on cybersecurity skills they've acquired through ThinkCyber's solutions.”

— James Lim, CEO of Centre for Cybersecurity Institute, Singapore

Army Testimonial.jpg
“Exceptional course! I've attended numerous programs, but this outshines them all in every conceivable way: the comprehensive content, the expert guidance, the practical exercises, and the seamless organization of the entire course.”

— Defense Forces

Description

Want to be at the frontline of cyber defense? This program puts you in the seat of a SOC Analyst, working with enterprise-grade security tools like Splunk and ELK Stack. You'll learn to monitor networks, detect threats, and respond to incidents using the same tools and techniques deployed in professional Security Operations Centers. Perfect for those ready to step into a SOC role.

Program Recognition & Impact

Our SOC Analyst program reflects real-world security operations expertise:

  • Implemented in active Security Operations Centers worldwide

  • Trusted by defense organizations and global enterprises

  • Hands-on experience with professional SIEM platforms

  • Proven methodology for developing SOC team capabilities

  • Track record of graduates in leading security teams

Real-World Training Environment

Through our Cyberium Arena learning platform, you'll build and operate a complete SOC environment:   

  • Set up your own Windows domain environment using virtual machines

  • Configure and manage enterprise-grade SIEM systems

  • Monitor real-time security events and network traffic

  • Practice incident response on actual security alerts

  • Use industry-standard tools like Splunk and ELK Stack

  • Apply MITRE ATT&CK framework in realistic scenarios

What You Will Learn

This SOC Operation module is designed for SOC organizations to implement a SOC solution and provide full guidance on the necessary skills and procedures to operate it. The program provides participants with all aspects of a SOC team to keep the enterprise's adversary.

SOC-ANALYST
  • This focused module centers on Sysmon, a powerful Windows system monitoring tool. It teaches learners how to use Sysmon for comprehensive event logging, contributing to a deeper understanding of Windows domain operations.

    • Windows Server

    • Installing Windows Server

    • Configuring Windows Server

    • Managing Features

    • Windows Events

    • Sysmon

    • Windows Domain

    • Installing AD DS

    • Configuring AD DS

    • Managing Domain Protocols

    • Working with Group Policy

    • Working with Wireshark
       

  • This module includes the Firewalls configuration and management using pfSense, including the creation of firewall and NAT rules. It involves real-time system monitoring and explores Intrusion Detection and Prevention Systems (IDS/IPS). Participants gain hands-on experience with Snort, understanding rule structures, configuration, and advanced traffic analysis using the NAT feature.

    • Firewalls

    • pfSense Installation

    • Configuring FW Rules

    • Configuring NAT Rules

    • Installing and Managing Packages

    • Real-Time Monitoring 

    • IDS/IPS

    • Working with Snort

    • Snort Rules Structure

    • Setting and Configuring Rules

    • Passing Traffic using the NAT Feature

    • Analyzing Advanced Rules
       

  • This module guides participants through the essential components of Security Information and Event Management (SIEM). It initiates with the exploration of ELK stack, covering event monitoring, search methods, custom queries, and alert settings. The latter part delves into Splunk, teaching how to monitor events, the fundamentals of Search Processing Language (SPL).

    • ELK

    • Monitoring Events

    • Different Search Methods

    • Custom Queries

    • Setting Alerts

    • Splunk

    • Monitoring with Splunk

    • Splunk Alerts
       

  • This module immerses participants into advanced aspects of cybersecurity. It begins with comprehensive log analysis, incorporating advanced filtering and threat hunting via events and MITRE ATT&CK. Participants work with Sysmon and its configuration, followed by exploring YARA for rule creation and threat hunting.

    • Log Analysis

    • Analyzing Logs

    • Advanced Filtering

    • MITRE ATT&CK

    • Hunting via Events

    • Creating Hunting Rules

    • Sysmon

    • Configuring XML Settings

    • Analyzing Sysmon Events

    • YARA

    • Rules Structure

    • Hunting with YARA

    • Incident Response

    • IR Playbooks

    • Investigating Files
       

bottom of page