Module 1: Introduction to SOC & Cybersecurity
- What is a SOC (Security Operations Center)
- SOC roles and hierarchy (L1–L3)
- CIA Triad, Threats, Vulnerabilities & Attacks
- Event, Alert, and Incident
- Cyber Kill Chain and MITRE ATT&CK Framework

Module 2: SIEM & Log Analysis (Splunk Hands-On)
- What is a SIEM and how it works
- Log collection, correlation & alerting process
- Splunk Basics: Search, Dashboards, Reports
- Creating correlation rules & alerts
- Overview of other SIEM tools: QRadar, ArcSight

Module 3: Network & Endpoint Security Monitoring
- TCP/IP, DNS, HTTP & SMTP basics
- Network traffic analysis using Wireshark
- IDS/IPS and Firewall log monitoring
- Endpoint security concepts (Windows & Linux)
- Introduction to EDR tools (CrowdStrike, SentinelOne)

Module 4: Threat Intelligence & Incident Response
- What is Threat Intelligence & its types
- Threat feeds and OSINT sources (VirusTotal, MISP)
- Incident response lifecycle
- Real-time incident analysis and triage

Module 5: Email & Web Security
- Email attack types: Phishing, Spoofing, Malware
- Web attacks: SQL Injection, XSS, LFI/RFI
- Sandbox analysis of suspicious emails/files
- SIEM-based detection of phishing campaigns
- Creating response playbooks for web & email incidents

Module 6: SOC Operations & Career Readiness
- SOC daily operations & shift handover process
- Building SOC playbooks & use cases
- Documentation & reporting best practices
- Common interview questions for SOC L1–L2
- Career roadmap: SOC Analyst → Threat Hunter → Incident Responder
