Track 06 · Corporate Training

SOC Operations and Blue Team

Build a security operations team that can monitor, triage, investigate and escalate real incidents.

11 Modules 50–60 Hours Instructor-Led / Virtual / Hybrid
Overview

A blue-team track that develops working SOC analysts. It covers monitoring principles, Windows and Linux log analysis, network traffic analysis, SIEM operations, alert triage, endpoint investigation and detection engineering, ending in a simulated-incident exercise.

Modules
11 Modules · 50–60 Hours
01
SOC Fundamentals
SOC structure, roles, workflows and escalation
3 Hours
02
Security Monitoring
Events, alerts, use cases and monitoring principles
4 Hours
03
Windows Event Analysis
Authentication, process, service, PowerShell and account events
5 Hours
04
Linux Log Analysis
Authentication, services, processes and suspicious activity
4 Hours
05
Network Traffic Analysis
Protocol analysis, packet inspection, DNS, HTTP and lateral movement
6 Hours
06
SIEM Operations
Log ingestion, correlation, dashboards, searches and alerts
6 Hours
07
Alert Triage
Validation, prioritisation, enrichment and false-positive handling
5 Hours
08
Endpoint Investigation
Processes, persistence, files, connections and endpoint telemetry
5 Hours
09
Detection Engineering
Detection logic, use-case development and testing
5 Hours
10
Incident Escalation
Evidence documentation, containment recommendations and stakeholder communication
4 Hours
11
SOC Practical Exercise
Investigation of simulated security incidents
7 Hours
Delivery Formats
Instructor-Led ClassroomVirtual Instructor-LedHybrid TrainingWorkshop-BasedLaboratory-BasedExecutive BriefingTabletop ExerciseBootcampTrain-the-TrainerCustom Corporate Programme