About the Course

This course provides hands-on training for security operations professionals focused on identifying and analyzing cyber threats. Participants gain practical experience with the real-world tools and techniques used in a modern SOC (Security Operations Center), including log analysis, SIEM usage, endpoint monitoring, and email forensics.

Key Topics Covered

  • Common cyberattack types and defense layers
  • SOC roles, technologies, and architecture
  • Network traffic analysis and packet capture tools
  • Endpoint detection and monitoring using EDR solutions
  • Phishing and web traffic analysis
  • Windows event log interpretation
  • SIEM platforms and detection rule creation
  • Malware sandbox analysis

Skills Acquired

  • Understand SOC missions and core technologies
  • Analyze network protocols and traffic captures
  • Monitor and investigate suspicious endpoint activity
  • Detect web-based threats using OWASP Top 10 practices
  • Analyze phishing emails and associated indicators
  • Work with Windows event logs for system behavior analysis
  • Use SIEM platforms to detect threats and create detection rules
  • Perform malware behavior analysis using sandboxing tools

Target Participants

  • SOC analysts and Tier 1–2 responders
  • Technical specialists in information security
  • CERT and CSIRT employees
  • Network security professionals seeking to enhance detection skills

Requirements

  • A foundational understanding of cybersecurity principles
  • Familiarity with basic networking and endpoint concepts
  • (Recommended) Prior exposure to security event analysis or incident handling

1. SOC Fundamentals

  • Overview of common cyberattack types
  • Defense-in-depth strategies
  • SOC mission, roles, and technology stack

2. SOC Architecture and Processes

  • Core SOC frameworks
  • People, process, and technology alignment

3. Network Analysis

  • Protocols, encapsulation, and packet capture fundamentals
  • Practical hands-on traffic analysis

4. Endpoint Analysis

  • Process monitoring and behavioral analysis
  • Introduction to EDR systems
  • Practical task with endpoint telemetry

5. Web and Email Analysis

  • OWASP Top 10 vulnerabilities and detection
  • Web application scanning
  • Email analysis process and lab task

6. Log Analysis

  • SIEM architecture and key capabilities
  • Use case development and rule creation
  • Practical task on custom rule implementation

8. Malware Sandbox Analysis

  • Using AnyRun and Hybrid Analysis
  • Behavioral analysis of suspicious files