SOC Analyst Advanced

Course number 71578

40 academic hours in total
5 sessions
* The number of sessions and the hours per session may vary from course to course

Upcoming dates

Group course

The course is offered in a group format only, tailored to organizations.
For more details, contact us.


Nowadays, a Security Operations Center (SOC) should have everything it needs to mount a competent defense of a constantly changing IT enterprise. The SOC includes a vast array of sophisticated detection and prevention technologies, cyber intelligence reporting, and access to a rapidly expanding workforce of talented IT professionals. This SOC Operations course is designed for organizations that implement a SOC solution and provides full guidance on the skills and procedures needed to operate it. The training covers all aspects of a SOC team's work in defending the enterprise against its adversaries.

The course helps prepare for the certification exams CISM (ISACA), GSEC (SANS), and GMON (SANS).



  • Provide participants with a solid understanding of the SOC environment, its roles, and its functions
  • Provide participants with practical capabilities for working inside a SOC as Tier-1 analysts and incident responders
  • Understand the work of forensic investigators in a SOC
  • Practice the acquired knowledge in real time in the simulation environment


Who Should Attend

The course targets participants with foundation knowledge in computer networking who wish to operate a SOC at the analyst and incident responder levels, or individuals who serve as corporate security analysts:

  • Incident responders
  • System/network administrators
  • IT security personnel


Curriculum

Module 1: Intrusion Detection

During this module, participants will study data packets at a deeper level, learn to identify network anomalies, and understand system alerts. Students will master the use of well-known command-line-interface (CLI) and graphical-user-interface (GUI) tools to further specialize in the field, and will learn methodologies for approaching incident investigations.

  • Basic Intrusion Detection Tools and Methods
    • Sysmon
    • Advanced Wireshark
    • Uncovering User-Accounts
    • OS Fingerprinting
    • GeoIP Integration
    • Streams Analysis
    • Incident Investigation
    • Hashing Tables
    • Analyzing Cyber-Events
    • Web-Filtering
    • Network Events
    • TShark: Wireshark CLI Tool
  • Using Scapy Module
    • Crafting and Analysing Packets
    • Working with PCAP Files
    • Replaying Packets for Investigation

Module 2: Using the SIEM

This module drills down into the SIEM (Security Information and Event Management) system, the primary system SOC analysts use to monitor the network. Participants will install a freely available open-source SIEM platform and simulate different scenarios in a pre-prepared virtual environment that mimics an organization. The virtual environment includes a firewall, a WAF, a domain controller, and an antivirus. During this part, students will have to demonstrate the practical capabilities they acquired during the course and operate in a real-time environment.

Module 3: Windows Management Instrumentation (WMI)

This module explains and expands on the use of Windows Management Instrumentation. Students will learn how the core management process works and use WMI to manage both local and remote computers on the LAN, consolidating the acquired knowledge into skills for building tools with PowerShell scripts and everyday WMI usage.

Module 4: SOC and IR

This module teaches students to manage an enterprise security incident while avoiding common errors, increasing both the effectiveness and the efficiency of their incident response efforts.


  • Linux
  • SOC-Intermediate (Course 71577)

Simulator - Cyberium Arena

The courses at John Bryce Training allow you to gain experience with unique simulators and hands-on practice labs that include a variety of scenarios. Students are given the opportunity to put into practice what they have learned in order to retain all the relevant skills and information they were given throughout the course, thereby upgrading their knowledge and expertise.

The simulator used in the hands-on practice labs is the Cyberium system. This is an advanced cyber scenario simulator developed by cyber experts who have been continuously involved in cyber training and in providing solutions to knowledge gaps in the cyber field. The simulator includes two main types of scenarios: educational and realistic.

Each educational scenario focuses on a different aspect of the course and simulates a specific aspect of the training topics. Each issue or topic taught in the course has a focused exercise that allows the student to concentrate on it and learn it in depth.

The realistic scenarios simulate possible or past information security incidents. This covers everything from topics such as the regulation of cyber systems to attacks by terrorist hacker organizations. These scenarios are broader than the educational exercises and require a more systemic, strategic, and comprehensive vision.

After each scenario, the system automatically generates detailed reports that serve as immediate feedback, allowing the student and the lecturer to measure the participant's abilities, strengths, and weaknesses.
