Flagship training

Foundations of Security Operations

Take yourself from the ground floor of "What is a SOC" to "How to detect and investigate a multi-stage attack." A practical course with a good mixture of fundamental knowledge and freedom to apply it at a more advanced level.

Course description

This course covers the core functions of a SOC and the tools that run it — specifically SIEM and ticketing systems. You'll learn how they work under the hood and how to configure them for real operational use.

The fundamentals build on themselves: you'll start with SOC structure and tooling, move into query languages and detection engineering, and finish by investigating multi-stage attacks using the detections you wrote.

By the end, you'll have stood up a fully functioning SOC environment, written and tested custom detections, and practiced the investigation workflows that analysts use every day.

Instructor

Hayden Covington

Associate Director of Security Operations · Instructor · Detection Engineer

Associate Director of Security Operations at Black Hills Information Security and instructor for Antisyphon Training. Nearly a decade building and running high-performing blue teams.

Leads detection engineering, operationalizes threat intelligence, and oversees day-to-day SOC operations at BHIS. Teaches Foundations of Security Operations through Antisyphon Training. Regular BHIS blog contributor and security webcast guest.

Syllabus

  1. SOC, Ticketing Systems, and Jira
  2. SIEMs, Elasticsearch, and Query Languages
  3. Detection Engineering, Testing, and Tuning
  4. Investigation Fundamentals, SOC Tickets, and Practical Application

Prerequisites

  • Basic understanding of Windows operating systems
  • Basic understanding of security fundamentals (DNS, IP addresses, processes)
  • Ability to operate a virtual machine

Who it is for

  • SOC engineers, managers, analysts, or those wanting to work in a SOC
  • Anyone wanting to learn how to configure and work in Elastic and Jira
  • Anyone wanting to learn how to investigate threat activity in a SIEM
  • Anyone wanting to know how to write, tune, and test threat detections

What you will learn

  • Understand the core functions of a SOC and its tools
  • Navigate and use Elasticsearch, Elastic SIEM, and query languages
  • Write, test, and tune threat detections mapped to MITRE ATT&CK
  • Investigate SOC tickets and multi-stage attacks with confidence
  • Stand up SOC infrastructure including SIEM, ticketing, and detection pipelines