Table of Contents
Nowadays, a Security Operation Centers (SOC) should have everything it needs to mount a competent defense of the constantly changing IT enterprise. The SOC includes a vast array of sophisticated detection and prevention technologies, cyber intelligence reporting, and access to a rapidly expanding workforce of talented IT professionals.
This SOC Operation course is designed for SOC organizations to implement a SOC solution and provide full guidance on the necessary skills and procedures to operate it. The training will provide participants with all aspects of a SOC team to keep the enterprise’s adversary.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons
- Repetition of materials, self-learning, performing tasks, etc…
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
A personal computer suitable for running virtual machines, with an Internet connection
Transition of the scenarios in the Cyberium Arena.
The course targets participants with foundation knowledge in computer networking.
- Incident responders
- System/network administrators
- Computer specialists to begin or evolved in cybersecurity with network foundation knowledge
- People implicated in internal security policy
- Provide participants with a solid understanding of the SOC environment, its roles, and functionalities
- Provide the participants the ability to gain practical capabilities of working inside a SOC
- Practice the acquired knowledge in real-time through the simulation environment
To be best prepared to succeed in this program, participants should have basic familiarity or experience with:
- Principles of network connectivity.
- Principles of IT systems
- Principles of Information Systems
- Basic operating system fundamentals with Linux.
During this module, participants will further explore data packets’ and study on a deeper level, learn to identify network anomalies, and understand system alerts. Students will master the use of well-known command-line-interface (CLI) and graphic-user-interface (GUI) tools to further specialize in the field. Students will learn methodologies to approach investigations of incidents.
The OSI Model
Basic Intrusion Detection Tools and Methods
Using the Scapy Module
Crafting and Analysing Packets
Working with PCAP Files
Replaying Packets for Investigating
Companies regularly deploy various security technologies designed to prevent and detect threats and strengthen and protect assets. During this module, we will detail SOC environments and how they work. The student will know to build and properly configure his SOC environment and correlate it with other security products/assets. Having a SOC allows you to have dynamic security that acts as a real bastion of analysis, monitoring, prevention, and remediation.
- Preparing the Framework
Introduction to ELK
- Hands-on PfSense
Setting and Configuring Rules
Passing Traffic using the NAT Feature
Configuring Firewall Rules
Managing Network Security
Learning about the SIEM (Security Information and Event Management), the primary system used by SOC analysts for monitoring the network. Participants will install a freely-available open-source SIEM platform and simulate different scenarios through a pre-prepared virtual environment, mimicking an organization.Technical content
- Building SIEM Environment Configuring Your Domain Setting-Up an Open Source SIEM Deploying Security-Onion Network and Host DLP Monitoring and Logging
- Monitoring using the Virtual Environment Firewall Monitoring and Management Email and Spam Gateway and Web Gateway Filtering Vulnerability Assessment and Monitoring Setting your Rules for Cyber Threats
In this module, students will learn to use the Windows Management Instrumentation. Students will learn how the core management process is accomplished and use WMI to manage both local and remote computers on the LAN network to consolidate the acquired knowledge into building tools skills in PowerShell scripts and regular WMI usage.
- WMI Architecture
Using WMI Methods
Working with Remote Computers
Access to the Registry
Detection with WMI
The following labs are part of the actual course:
- Lab 1 Wireshark
- Lab 2 Iptables
- Lab 3 Basic Log Filtering
- Lab 4 Advanced Log Filtering
- Lab 5 Volatility
- Lab 6 Basic Tshark
- Lab 7 Advanced Wireshark
- Lab 8 Advanced Tshark
- Lab 9 Snort & Snort Alerts
- Lab 10 PfSense
- Lab 11 ELK Filtering
Real Cases Studies
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situe classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them during 30 days. All course material is electronically made available to the participant.
Hands-on / Theory MiX
The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.
In conjunction with course SOC Analyst, the present course prepares the participant to the following certifications:
- CISM (ISACA),
- GSEC (SANS),
- GMON (SANS)
As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)
And also a Good Headset with Mic