Welcome to the SOC Analyst Job Role Path! This path is designed for newcomers to information security who aspire to become professional SOC analysts. It covers core concepts of security monitoring and analysis, and provides an in-depth understanding of specialized tools, attack tactics, and methodologies used by adversaries. Through a combination of theoretical knowledge and practical exercises, students will learn to navigate all stages of security analysis, from traffic analysis and SIEM monitoring to DFIR activities and reporting. By the end of this path, you will have the skills and mindset necessary to monitor enterprise-level infrastructure and detect intrusions at an intermediate level.
Prerequisite: The SOC Analyst Prerequisites skill path is recommended before starting this path.
| Difficulty | Sections | Points | Module description |
|---|---|---|---|
| Fundamental | 9 | +10 | Learn to handle security incidents from the early detection stage to response. |
| Easy | 11 | +20 | Get a comprehensive overview of SIEM and the Elastic Stack, including practical skills in developing SIEM use cases. |
| Medium | 6 | +20 | Explore the anatomy of Windows Event Logs and learn to detect malicious behavior using Sysmon and Event Logs. |
| Medium | 6 | +20 | Understand threat hunting fundamentals and practice threat hunting using the Elastic Stack with real-world logs. |
| Medium | 6 | +20 | Learn to use Splunk for security monitoring and incident investigation, developing effective SPL searches. |
| Medium | 16 | +20 | Walk through common attacks against Active Directory and learn prevention and detection methods. |
| Medium | 15 | +10 | Monitor network activity for anomalies indicating security issues, useful for both offensive and defensive security. |
| Easy | 18 | +20 | Detect link layer attacks, network abnormalities, and application layer threats through advanced traffic analysis. |
| Medium | 11 | +20 | Dive into rule development and intrusion detection using Suricata, Snort, and Zeek with hands-on examples. |
| Hard | 9 | +20 | Analyze malware targeting Windows, using tools for static and dynamic analysis, and reverse engineering. |
| Easy | 11 | +10 | Learn the fundamentals of JavaScript deobfuscation to understand and deobfuscate basic JavaScript code. |
| Easy | 11 | +20 | Create and apply YARA and Sigma rules for threat hunting in real-world scenarios. |
| Medium | 8 | +20 | Gain mastery over digital forensic tools and techniques for memory forensics, disk image analysis, and more. |
| Medium | 23 | +20 | Identify Windows and Active Directory attacks using Windows Event Logs and Zeek network logs in Splunk. |
| Easy | 5 | +10 | Learn to document security incidents accurately and professionally, with a focus on creating robust incident reports. |
Embark on your journey to become a professional SOC analyst. Each module is carefully designed to build your skills progressively, ensuring you gain both theoretical knowledge and practical experience. Happy learning and good luck on your path to mastering SOC analysis!