Security Operations Center (SOC) Analyst Training

This SOC Analyst training course is designed to be hands-on, lab-driven, and industry-aligned. It provides students with real-world SOC experience, ensuring they can step into a SOC role with practical skills in SIEM, threat detection, incident response, and compliance auditing.

1. Course Overview

Course Title:

Security Operations Center (SOC) Analyst Training

Duration:

8 Weeks (Hands-on Practical Training and Assessments)

Delivery Mode:

Instructor-led training

Hands-on lab-based exercises

Live simulations

Assessments and final certification project

Target Audience:

Aspiring SOC Analysts

IT Professionals transitioning into cybersecurity

Network administrators and IT support staff

Security professionals looking to enhance incident response skills

Learning Outcomes:

By the end of the course, students will be able to:

Set up and operate a SOC using Microsoft Sentinel, Defender XDR, and other security tools

Perform threat hunting, log analysis, and incident response

Understand compliance requirements (ISO 27001, GDPR, Cyber Essentials)

Conduct malware analysis, phishing investigations, and forensic analysis

Deploy and configure security controls following Zero Trust and IAM principles

Set up SIEM (Security Information and Event Management) for real-world scenarios

2. Course Breakdown by Weeks

Week 1: SOC Fundamentals & Security Tools

Objective: Understand SOC operations, key concepts, and set up security tools.

Introduction to SOC, Security Operations, and Analyst Roles

Cyber Kill Chain and MITRE ATT&CK Framework

Set up Microsoft 365 & Assign Licenses

Deploy Microsoft Sentinel & configure data connectors

Deploy Windows 365 Cloud PCs for SOC testing

Assessment: Short quiz on SOC fundamentals and initial lab setup

Week 2: Access Management & Zero Trust

Objective: Implement security policies and access control.

Role-Based Access Control (RBAC) and Identity Management

Conditional Access Policies & Multi-Factor Authentication (MFA)

Microsoft Intune: Device security and compliance

Cloudflare Zero Trust: Securing access to corporate resources

Lab: Configure Conditional Access, RBAC policies, and deploy Cloudflare Zero Trust.

Assessment: Review of access policies and security hardening

Week 3: Vulnerability Management & Threat Intelligence

Objective: Deploy and manage a vulnerability scanning program and integrate threat intelligence.

Vulnerability Management Overview and CVSS Scoring

Deploy Qualys Agent for vulnerability scanning

Analyze Qualys Findings & Prioritization

Threat Intelligence Overview: MITRE ATT&CK, MISP

Integrate Threat Intelligence into Microsoft Sentinel

Lab:

Deploy Qualys in a lab environment and analyze scan results

Integrate Threat Intelligence feeds into SIEM

Assessment: Report on vulnerability findings and risk mitigation plan

Week 4: Threat Detection & Log Analysis

Objective: Detect security incidents using log analysis and advanced SIEM techniques.

Introduction to Threat Detection & IOC (Indicators of Compromise) Hunting

Microsoft Defender XDR: Endpoint Detection and Response (EDR)

Write KQL Queries for SIEM log analysis

Create Detection Rules & Alerts in Microsoft Sentinel

Investigate Alerts in Sentinel and Defender XDR

Lab:

Use KQL queries to detect suspicious activity

Correlate logs from different sources (Defender, Sentinel, Qualys)

Assessment: SIEM investigation exercise
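The kind of query students write in this week, as an added example that is not part of the course materials: a password-spray/brute-force detection in KQL over the standard Microsoft Sentinel SigninLogs table. It joins a burst of failed sign-ins from one source IP with a successful sign-in from the same IP shortly afterwards, which is the pattern that matters for triage (a long run of failures alone is usually noise). The one-hour lookback, the ten-failure threshold and the ten-minute success window are assumptions to be tuned per tenant.

```kql
// Added example, not course material. Assumes the standard SigninLogs schema
// (ResultType "0" = success, anything else = failure). Thresholds are assumptions.
let lookback = 1h;
let threshold = 10;
let success_window = 10m;
// Step 1: source IPs with a burst of failed sign-ins, and which accounts they hit
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated),
                TargetAccounts = make_set(UserPrincipalName, 20)
      by IPAddress
    | where FailedCount >= threshold;
// Step 2: successful sign-ins in the same window
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName;
// Step 3: a success from an IP that was just failing is the signal worth an alert
failures
| join kind=inner successes on IPAddress
| where SuccessTime between (LastFail .. (LastFail + success_window))
| project IPAddress, FailedCount, TargetAccounts, CompromisedAccount = UserPrincipalName,
          AppDisplayName, FirstFail, LastFail, SuccessTime
| order by FailedCount desc
```

To turn this into a scheduled analytics rule in Sentinel, run it on a short frequency (for example every 10 minutes with a 1-hour lookback), map IPAddress to the IP entity and CompromisedAccount to the Account entity, and check the rule against the Week 7 false-positive tuning exercise: shared egress IPs (VPNs, NAT gateways) will cross the threshold legitimately, so an allowlist or a per-account threshold is usually needed.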

Week 5: Incident Response & Forensics

Objective: Handle security incidents and analyze digital forensic artifacts.

Live Cyber Attack Simulation (Recon & Endpoint Compromise)

Introduction to Digital Forensics (Disk & Memory Analysis)

Use Autopsy for disk image analysis and Volatility for memory analysis

Perform a Mock SOC Incident Handling Exercise

Lab:

Investigate a simulated attack scenario and identify compromised systems

Conduct disk and memory forensics on a breached system

Assessment: Investigative report on a security incident

Week 6: Compliance Audits & SOC Reporting

Objective: Learn security compliance frameworks and auditing techniques.

Introduction to ISO 27001, GDPR, Cyber Essentials compliance

Perform a Cyber Essentials Audit

Learn GDPR Compliance Requirements & SOC Responsibilities

Conduct an ISO 27001:2022 Audit using Microsoft Compliance Manager

Understand SOC Metrics & Reporting (MTTD, MTTR, SIEM Dashboards)

Lab:

Audit a security environment based on Cyber Essentials & GDPR standards

Configure Microsoft Compliance Manager to generate reports

Assessment: Compliance audit report
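The MTTD and MTTR metrics covered this week, computed from Sentinel's own incident data as an added example that is not part of the course materials. It uses the standard SecurityIncident table: time to detect is taken as the gap between the earliest observed attacker activity (FirstActivityTime) and the moment Sentinel created the incident (CreatedTime), and time to respond as the gap between creation and closure. The 30-day window is an assumption; the table keeps one row per incident update, so the query first reduces it to the latest state of each incident.

```kql
// Added example, not course material. Assumes the standard SecurityIncident schema;
// the reporting window is an assumption to adjust per SOC.
SecurityIncident
| where TimeGenerated > ago(30d)
// one row per incident: keep only its most recent update
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| where Status == "Closed"
// FirstActivityTime is empty for some incident types; skip those for MTTD
| where isnotempty(FirstActivityTime) and isnotempty(ClosedTime)
| extend TimeToDetect = CreatedTime - FirstActivityTime,
         TimeToRespond = ClosedTime - CreatedTime
| summarize Incidents = count(),
            MTTD = avg(TimeToDetect),
            MTTR = avg(TimeToRespond),
            MedianTTR = percentile(TimeToRespond, 50)
  by Severity
| order by MTTR desc
```

Report the median alongside the mean: a single incident left open over a weekend can double an MTTR average, and the median shows whether that is the typical experience or an outlier. The same query, pinned to a workbook, gives the SIEM dashboard view mentioned above.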

Week 7: Lab Setup & Configuration

Objective: Students build their own SOC environment and test configurations.

Deploy Microsoft Sentinel, Defender XDR, and configure log ingestion

Set up custom detection rules, dashboards, and alerts

Tune SIEM correlation rules for false positive reduction

Lab:

Full SOC setup and fine-tuning of security monitoring

Assessment: Instructor review of SOC lab setup

Week 8: Audit, Incident Response, and Mock Testing

Objective: Conduct a full SOC audit and respond to simulated attacks.

Perform a SOC audit to ensure compliance and security best practices

Phishing Incident Response: Investigate email security breaches

Malware Investigation: Analyze an endpoint malware infection

Final Security Incident Handling Report

Lab:

Conduct a full SOC investigation of a phishing attack

Simulate and analyze malware execution logs and response

Assessment: Final security report on phishing and malware attack response

3. Lab Setup Requirements

Cloud-based Lab Infrastructure:

Microsoft 365 with Microsoft Entra ID (formerly Azure AD), Intune, and Compliance Manager

Microsoft Defender XDR (Endpoint, Email, Identity)

Microsoft Sentinel SIEM with Log Analytics

Qualys Cloud Platform for vulnerability management

Cloudflare Zero Trust for network security

Tools & Resources:

Windows 365 Cloud PCs for each student

Autopsy & Volatility for forensic analysis

KQL for SIEM log analysis

AlienVault OTX, MISP for Threat Intelligence

4. Assessment and Certification

Assessment Criteria:

Weekly quizzes and lab exercises (30%)

Practical SOC audit and incident response (40%)

Final project: Phishing and Malware Incident Response Report (30%)

Certification Requirements:

Completion of all lab exercises and SOC setup

Passing final assessment (minimum 70%)

Submission of a detailed SOC Investigation Report