Objective of the Course: Security Operations Centre (SOC)

This course covers the Security Operations Center (SOC) from the basics through a comprehensive overview of the technologies and architecture it relies on. It will arm you with the skills needed to identify security events and respond to incidents in a SOC environment.

Modules Include:

Introduction to Security Operations Center (SOC) (4 hours)

  • What is SOC
  • Red vs Blue Teams
  • Cyber Kill Chain
  • MITRE ATT&CK framework
  • Roles and responsibilities of SOC

Ethical Hacking Basics (10 hours)

  • Nmap
  • Hacking stages
  • Types of hackers
  • Web application security
  • Roles and responsibilities of SOC
  • Types of Malware
  • Ransomware and security measures

SIEM (4 hours)

  • What is SIEM
  • ArcSight architecture and its components
  • Introduction to Collector
  • Introduction to ESM

QRADAR Components Configuration (4 hours)

  • System requirements (OS, DB, hardware specs)
  • Installation of QRADAR
  • QRADAR user management

SIEM Console Navigation (4 hours)

  • Filters
  • Index Management
  • Advanced searches

Logger and its components (4 hours)

  • Overview of Collectors
  • Logger workflow to receive events
  • Device Groups
  • Reports and Dashboard creation in Logger
  • Event searching
  • Scheduling Tasks
  • Alert notifications and their limitations
  • Using Logger for investigation

Content Management (4 hours)

  • Use Cases
  • Hidden features in QRADAR to create rules (Local variable, Active List)
  • Dashboards
  • Reports
  • Sample creation of Use cases
  • Sample creation of dashboard
  • Sample creation of reports

Using QRADAR for Offense Investigations (4 hours)

  • Alert mechanism and reporting overview
  • Identifying alerts and responding to them
  • Using the search mechanism for quick investigation
  • Quick alert investigation techniques in QRADAR
  • Using Active Channels and Logger queries as part of an investigation
  • Using reports and dashboards in QRADAR for trend analysis
  • Correlating multiple device logs for decision making on triggered alerts
  • Trend Analysis using reports and Dashboards
  • Sample Investigation on triggered alerts

Making the most out of QRADAR (4 hours)

  • Device integration overview
  • Automating compliance alerts
  • Using search mechanisms for quick investigation
  • Quick investigation shortcuts
  • Cheat sheet for QRADAR troubleshooting
  • Log stoppage alerts and troubleshooting
