Catalogue · MOD-DEF-03

SIEM & SOC Fundamentals

At the heart of a SOC, you must see, understand and react fast. This module trains you to operate a tier-1 security operations centre: collect logs, correlate, alert, triage and launch first responses.

Defence (Blue) Praticien 6 bricks 10 labs ≈ 18.5 h 5 real cases

Objectives

• Design log collection and ingestion • Search and correlate within a SIEM • Detect via endpoint telemetry • Triage and respond to an alert per a playbook

Module bricks

BRQ-DEF-011 — Log collection & ingestion (Beats/Logstash) (2 lab(s))
BRQ-DEF-012 — SIEM search & correlation (Elastic) (2 lab(s))
BRQ-DEF-013 — Endpoint detection (Sysmon/EDR) (1 lab(s))
BRQ-DEF-014 — SOC alert triage & playbooks (TheHive) (1 lab(s))
BRQ-DEF-015 — Phishing & traffic detection at the SOC (2 lab(s))
BRQ-DEF-016 — SOAR & continuous improvement (Shuffle) (2 lab(s))

Order this module View full catalogue