Module 1: The SOC — Your War Room
Understand where you work, what you protect, and how everything connects.
You'll encounter the first traces of Operation Shadow Broker — an APT attacker (185.220.101.42) hiding among 1,200 alerts.
Lessons & Labs
Lesson 1.1 — Inside the SOC
SOC structure, L1/L2/L3 roles, shift handoffs
Lesson 1.2 — The Attack Landscape
Kill chain, diamond model, common attack patterns
Lesson 1.3 — MITRE ATT&CK for Defenders
Tactics, techniques, sub-techniques
Lab 1.2 — ATT&CK Mapping
Map an APT29 attack report to the MITRE ATT&CK framework, color-code detection coverage, and write a gap analysis.
Lab 1.1 — Your First Shift: Wazuh Dashboard & Alert Tracing
Get hands-on with the Wazuh SIEM: learn the dashboard, search bar, filters, and alert fields, then trace 3 real alerts through the data pipeline.
Lesson 1.4 — Your Weapon System: The SOC Toolkit
Every tool you will master — Wazuh, Velociraptor, MISP, TheHive, Suricata, Shuffle, and more — organized by SOC function with cloud lab access
Lab 1.3 — Know Your Logs
Explore ~1,650 events from 12 agents across 12 log sources in Wazuh. Learn to distinguish log sources from event types, then build a reference sheet mapping each source to ATT&CK techniques.
SOC Soft Skills & Career Paths
Communication, teamwork, burnout prevention, L1→L2→L3 career progression
Lab 1.4 — Navigate Like an Analyst
No quiz, no pressure. Practice navigating Wazuh Dashboard, reinforce your DQL skills, and build the muscle memory you need for Module 2.