SOC Analyst 2 Week

Uploaded by maqasultanli

2-Week SOC Analyst Study Plan

Day 1 – SOC & SIEM Fundamentals


• Study: What a SOC does; SOC tiers (Tier 1 alert triage, Tier 2 investigation and escalation, Tier 3 threat hunting and detection engineering); SIEM basics (Splunk, Elastic/ELK, QRadar): log ingestion, normalisation, correlation rules and alerting.
• Practice: Explore a free Splunk or Elastic lab and run a first search over ingested logs.
• Resources:
  - https://www.splunk.com/en_us/resources/what-is-siem.html
  - https://www.elastic.co/what-is/siem
  - https://tryhackme.com/room/intro2soc

Day 2 – Networking & Protocols


• Study: OSI and TCP/IP models; common ports and protocols (DNS 53, HTTP 80, HTTPS 443, SSH 22, SMB 445, RDP 3389) and what normal traffic for each looks like.
• Practice: Capture HTTP and DNS traffic in Wireshark, apply display filters (dns, http.request) and follow a TCP stream to see a full request and response.
• Resources:
  - https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/
  - https://www.youtube.com/watch?v=2Qxp--1sQtU
  - https://tryhackme.com/room/introtonetworking

Day 3 – IDS/IPS & Firewalls


• Study: IDS vs IPS (detect and alert vs block inline); Snort and Suricata (signature-based, both can run inline as an IPS) and Zeek (a network security monitor that produces protocol logs such as conn, dns and http rather than blocking).
• Practice: Write a simple Snort rule (header: action, protocol, source and destination addresses and ports, direction; options: msg, content, sid, rev) and run it against a pcap to confirm it fires.
• Resources:
  - https://www.snort.org/
  - https://suricata.io/
  - https://tryhackme.com/room/idsips

Day 4 – Endpoint Security


• Study: Antivirus vs EDR (file signature scanning vs endpoint telemetry: process trees, command lines, network connections, plus response actions such as host isolation); endpoint monitoring sources (Sysmon, OS audit logs).
• Practice: Investigate failed logons in Event Viewer: Security log, Event ID 4625. Note the Logon Type, Account Name, Failure Reason / Status / Sub Status and Source Network Address fields.
• Resources:
  - https://www.microsoft.com/en-us/security/business/endpoint-security
  - https://www.youtube.com/watch?v=8npoU3Sg8J8
  - https://tryhackme.com/room/windowsfundamentals1xbx

Day 5 – Linux System Administration


• Study: Core Linux commands (grep, awk, cut, sort, uniq -c, journalctl), the file system layout and where the system logs live.
• Practice: Detect failed SSH logins in /var/log/auth.log (Debian/Ubuntu; RHEL-family systems use /var/log/secure or journalctl -u sshd): grep for "Failed password", then count attempts per source IP.
• Resources:
  - https://www.loggly.com/ultimate-guide/linux-logging-basics/
  - https://www.youtube.com/watch?v=wBp0Rb-ZJak
  - https://tryhackme.com/room/linuxfundamentalspart1
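As a worked companion to the Day 5 exercise, here is an added Python example (it is not part of the original study plan) that parses constructed /var/log/auth.log lines in the Debian/Ubuntu rsyslog format, counts sshd failures per source address inside a sliding time window, and flags the case that matters most in triage: a successful login from an address that was just brute-forcing. The sample lines, the threshold of 5 failures in 5 minutes and the year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Debian/Ubuntu rsyslog format of /var/log/auth.log;
# not a real capture. 203.0.113.45 is a documentation-range address.
SAMPLE_AUTH_LOG = """\
Mar  3 09:14:01 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 09:14:03 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 51124 ssh2
Mar  3 09:14:05 web01 sshd[2215]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar  3 09:14:06 web01 sshd[2215]: Failed password for root from 203.0.113.45 port 51131 ssh2
Mar  3 09:14:08 web01 sshd[2217]: Failed password for deploy from 203.0.113.45 port 51140 ssh2
Mar  3 09:14:09 web01 sshd[2217]: Accepted password for deploy from 203.0.113.45 port 51140 ssh2
Mar  3 09:20:11 web01 sshd[2301]: Failed password for alice from 192.168.1.20 port 40012 ssh2
Mar  3 09:20:20 web01 sshd[2301]: Accepted publickey for alice from 192.168.1.20 port 40012 ssh2
Mar  3 09:21:00 web01 CRON[2310]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Only the two sshd message types exercised here; other sshd lines
# ("Invalid user ...", "Connection closed by authenticating user ...") are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:(?P<invalid>invalid user) )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_ssh_events(text, year=2024):
    """Turn auth.log lines into event dicts. Syslog timestamps have no year, so the
    caller supplies one (assumption: all lines fall in the same year)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # cron, sudo, su and unrelated sshd messages
        stamp = " ".join(m["ts"].split())  # collapse "Mar  3" to "Mar 3"
        events.append({
            "ts": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
            "host": m["host"],
            "result": m["result"],
            "method": m["method"],
            "user": m["user"],
            "invalid_user": m["invalid"] is not None,
            "ip": m["ip"],
        })
    return events


def detect_bruteforce(events, threshold=5, window_seconds=300):
    """Return {ip: finding} for sources with >= threshold failures inside any
    window_seconds span. A finding also lists successful logins from that source
    after the first failure of the window: that is the escalation case."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        window_start = None
        for i in range(len(failures)):  # sliding window over the failures
            j = i
            while (j + 1 < len(failures) and
                   (failures[j + 1]["ts"] - failures[i]["ts"]).total_seconds() <= window_seconds):
                j += 1
            if j - i + 1 >= threshold:
                window_start = failures[i]["ts"]
                break
        if window_start is None:
            continue
        successes = [e for e in evs if e["result"] == "Accepted" and e["ts"] >= window_start]
        findings[ip] = {
            "failed": len(failures),
            "users_tried": sorted({e["user"] for e in failures}),
            "success_after_failures": [(e["user"], e["method"]) for e in successes],
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(parse_ssh_events(SAMPLE_AUTH_LOG)).items():
        sev = "HIGH (success after brute force)" if f["success_after_failures"] else "MEDIUM"
        print(f"{ip}: {f['failed']} failures, users {f['users_tried']}, "
              f"successes {f['success_after_failures']} -> {sev}")
```

On a live host, feed the parser the contents of /var/log/auth.log (or the sshd output of journalctl). The regex deliberately covers only the two message forms in the sample; newer OpenSSH versions also log "Invalid user X from IP" and "Connection closed by authenticating user", which a production parser should add so that attackers who disconnect before the password prompt are still counted.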

Day 6 – Microsoft System Administration


• Study: Active Directory basics (domains, domain controllers, users, groups, OUs, Group Policy); the Security event log and the key logon events (4624 success, 4625 failure, 4740 lockout, 4771 Kerberos pre-authentication failure).
• Practice: Simulate a failed domain logon and find it in the domain controller's Security log (4625, plus 4771 when the client authenticates with Kerberos); compare what the workstation and the DC each record.
• Resources:
  - https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
  - https://www.youtube.com/watch?v=_PONcH1YObo
  - https://tryhackme.com/room/windowsfundamentals2x0x
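For the Day 4 and Day 6 exercises, an added Python example (not from the original plan, and not Microsoft's code) that parses 4625 events exported from the Security log as XML, decodes Status/SubStatus into the actual failure reason, and summarises attempts per source so that password spraying (many accounts, a few tries each) can be told apart from brute force against one account. The three sample events are constructed and abbreviated; the status codes are the documented NTSTATUS values shown under Failure Information in Event Viewer; the spray and brute-force thresholds are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed, abbreviated sample of three 4625 events in the XML shape produced by
#   wevtutil qe Security "/q:*[System[(EventID=4625)]]" /f:xml /c:3
# (real events carry more <Data> fields). wevtutil prints <Event> elements back to
# back, so they are wrapped in an <Events> root here to parse as one document.
SAMPLE_EXPORT = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4625</EventID><TimeCreated SystemTime="2024-03-03T09:14:01Z"/><Computer>DC01.corp.example</Computer></System>
 <EventData><Data Name="TargetUserName">jsmith</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="Status">0xc000006d</Data><Data Name="SubStatus">0xc000006a</Data><Data Name="LogonType">3</Data>
  <Data Name="IpAddress">10.20.30.40</Data><Data Name="WorkstationName">WS-HR-07</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4625</EventID><TimeCreated SystemTime="2024-03-03T09:14:03Z"/><Computer>DC01.corp.example</Computer></System>
 <EventData><Data Name="TargetUserName">svc_backup</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="Status">0xc000006d</Data><Data Name="SubStatus">0xc0000064</Data><Data Name="LogonType">3</Data>
  <Data Name="IpAddress">10.20.30.40</Data><Data Name="WorkstationName">WS-HR-07</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4625</EventID><TimeCreated SystemTime="2024-03-03T09:14:09Z"/><Computer>DC01.corp.example</Computer></System>
 <EventData><Data Name="TargetUserName">jsmith</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="Status">0xc0000234</Data><Data Name="SubStatus">0x0</Data><Data Name="LogonType">3</Data>
  <Data Name="IpAddress">10.20.30.40</Data><Data Name="WorkstationName">WS-HR-07</Data></EventData>
</Event>
</Events>"""

# NTSTATUS codes from the event's Failure Information. When Status is the generic
# 0xC000006D, SubStatus carries the real reason; otherwise Status itself does.
FAILURE_REASON = {
    0xC0000064: "user name does not exist",
    0xC000006A: "user name is correct but the password is wrong",
    0xC0000234: "account locked out",
    0xC0000072: "account disabled",
    0xC000006F: "logon outside authorized hours",
    0xC0000070: "workstation restriction",
    0xC0000071: "password expired",
    0xC0000193: "account expired",
    0xC000006D: "bad user name or authentication information",
}
LOGON_TYPE = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
              8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
              11: "CachedInteractive"}


def failure_reason(status_hex, substatus_hex):
    status, sub = int(status_hex, 16), int(substatus_hex, 16)
    code = sub if sub in FAILURE_REASON else status
    return FAILURE_REASON.get(code, f"unknown status {code:#010x}")


def parse_4625(xml_text):
    """Flatten each 4625 <Event> into a dict with the fields an analyst pivots on."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        logon_type = int(data.get("LogonType", "0"))
        events.append({
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "computer": ev.findtext("e:System/e:Computer", namespaces=NS),
            "user": f"{data.get('TargetDomainName', '')}\\{data.get('TargetUserName', '')}",
            "src_ip": data.get("IpAddress", "-"),
            "workstation": data.get("WorkstationName", "-"),
            "logon_type": LOGON_TYPE.get(logon_type, str(logon_type)),
            "reason": failure_reason(data.get("Status", "0x0"), data.get("SubStatus", "0x0")),
        })
    return events


def summarize_by_source(events):
    """Per source IP: attempts, distinct target accounts, guesses at non-existent
    accounts (enumeration) and lockouts caused."""
    summary = defaultdict(lambda: {"attempts": 0, "users": set(), "nonexistent_users": 0, "lockouts": 0})
    for e in events:
        s = summary[e["src_ip"]]
        s["attempts"] += 1
        s["users"].add(e["user"])
        s["nonexistent_users"] += e["reason"] == "user name does not exist"
        s["lockouts"] += e["reason"] == "account locked out"
    for s in summary.values():
        s["users"] = sorted(s["users"])
    return dict(summary)


def triage_label(s, spray_users=5, brute_attempts=5):
    """Assumed thresholds: spray = many accounts with few tries each; brute force =
    many tries against one or two accounts."""
    if len(s["users"]) >= spray_users and s["attempts"] / len(s["users"]) < 3:
        return "password spray"
    if s["attempts"] >= brute_attempts and len(s["users"]) <= 2:
        return "brute force"
    return "below threshold"


if __name__ == "__main__":
    for ip, s in summarize_by_source(parse_4625(SAMPLE_EXPORT)).items():
        print(ip, s, "->", triage_label(s))
```

Export the events on the domain controller with the wevtutil command in the comment (Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} is the PowerShell equivalent), wrap the output in a root element and pass it to parse_4625. A lockout (0xC0000234) is worth pairing with event 4740 on the PDC emulator, which names the calling computer.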

Day 7 – Review & Mini Test


• Review: SOC, SIEM, IDS/IPS and endpoint basics from Days 1 to 6.
• Practice: SOC fundamentals lab.
• Resources:
  - https://tryhackme.com/room/soclevel1
  - https://blueteamlabs.online/

Day 8 – Incident Response & Playbooks


• Study: The incident lifecycle as defined in NIST SP 800-61: Preparation → Detection & Analysis → Containment, Eradication & Recovery → Post-Incident Activity (lessons learned). A playbook turns each phase into concrete steps for one alert type.
• Practice: Write a simple phishing incident report: who reported it and when, sender and subject, indicators (URLs, attachments, hashes), who received or clicked, actions taken (mailbox purge, block, password reset) and what remains open.
• Resources:
  - https://www.cisa.gov/resources-tools/resources/incident-handling-overview
  - https://attack.mitre.org/
  - https://tryhackme.com/room/incidentresponse

Day 9 – Log Analysis (SIEM Practice)


• Study: Log sources and the question each answers (firewall: who talked to whom and on which port; IDS: which signature fired; proxy: which URL a user fetched), and how the SIEM normalises fields so events from different sources can be joined.
• Practice: Identify false positives in SIEM alerts and fix the cause (a missing allowlist, a threshold set too low, a wrongly mapped field) instead of closing the alerts one by one.
• Resources:
  - https://www.loggly.com/blog/log-analysis-for-security/
  - https://tryhackme.com/room/siem101

Day 10 – Threat Intelligence


• Study: MITRE ATT&CK (tactics, techniques, sub-techniques, and how a detection maps to them); IOC vs IOA (a known-bad artefact such as a hash or IP address vs behaviour such as Word spawning PowerShell).
• Practice: Look up IPs and hashes in VirusTotal. Search by hash or address first and do not upload internal files or documents: uploaded samples are shared with other VirusTotal users.
• Resources:
  - https://attack.mitre.org/
  - https://www.virustotal.com/
  - https://tryhackme.com/room/threatintel

Day 11 – Cybersecurity Policies


• Study: ISO/IEC 27001, the NIST Cybersecurity Framework and the CIA triad (confidentiality, integrity, availability).
• Practice: Read a sample security policy and map its requirements to SOC tasks (e.g. a logging policy to log-source onboarding, an access policy to privileged-logon alerts).
• Resources:
  - https://www.iso.org/isoiec-27001-information-security.html
  - https://www.nist.gov/cyberframework
  - https://www.isaca.org/resources/cobit

Day 12 – Threat Detection


• Study: Indicators of Compromise (IOC) and Indicators of Attack (IOA), and why IOC-based detection ages quickly while behaviour-based detection is harder for an attacker to evade.
• Practice: Extract IOCs (IPs, domains, URLs, file hashes) from logs, filter out internal addresses and known-benign values, and defang them before pasting into a report.
• Resources:
  - https://www.crowdstrike.com/cybersecurity-101/indicators-of-compromise-iocs/
  - https://tryhackme.com/room/threatinteltools
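For the Day 12 practice, and for the false-positive point from Day 9 and the VirusTotal lookups on Day 10, an added Python example that is not part of the original plan: it pulls IPs, domains, URLs, e-mail addresses and file hashes out of constructed log lines, records why each rejected candidate was dropped (internal address, filename mistaken for a domain, the organisation's own domain, the hash of an empty file), and defangs the survivors for a report. The log lines, the own-domain list and the benign-hash allowlist are assumptions.

```python
import ipaddress
import re

# Constructed sample lines in a loose key=value style (proxy, EDR, mail gateway, DNS);
# not a real capture. Public addresses use the 198.51.100.0/24 documentation range.
SAMPLE_LOGS = """\
2024-03-03T09:15:02Z proxy01 user=jsmith src=10.20.30.40 dst=198.51.100.23 url=http://update-check.example-cdn.net/payload.bin status=200 bytes=482311
2024-03-03T09:15:04Z edr01 host=WS-HR-07 process=powershell.exe parent=winword.exe sha256=3b1f9c4d2e0a7b6c5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f0a9b8c7d6e5f4a3b2c
2024-03-03T09:15:05Z edr01 host=WS-HR-07 file=C:\\Users\\jsmith\\AppData\\Local\\Temp\\inv.exe md5=d41d8cd98f00b204e9800998ecf8427e
2024-03-03T09:15:09Z mailgw01 from=billing@invoice-portal.example.net to=jsmith@corp.example subject="Invoice 4471" attach=inv.zip
2024-03-03T09:16:00Z dns01 client=10.20.30.40 query=update-check.example-cdn.net answer=198.51.100.23
"""

PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "email": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
}

# A bare domain regex also matches file names; anything ending in these is a file.
FILE_EXTENSIONS = {"exe", "dll", "bin", "zip", "doc", "docx", "xls", "xlsx", "pdf",
                   "ps1", "js", "vbs", "txt", "log", "tmp", "dat"}
OWN_DOMAINS = {"corp.example"}  # assumption: the organisation's own domain
KNOWN_BENIGN_HASHES = {
    "d41d8cd98f00b204e9800998ecf8427e",  # MD5 of the empty file
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",  # SHA-256 of the empty file
}
# Explicit list rather than IPv4Address.is_private: that property also treats the
# documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) as private and
# would silently drop the "external" addresses in the sample.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32")]


def _filter(kind, value):
    """Return a reason to drop the candidate, or None to keep it."""
    if kind == "ipv4":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return "not a valid IPv4 address"  # e.g. a version string like 10.2.300.1
        if any(ip in net for net in INTERNAL_NETS):
            return "internal/non-routable address"
    elif kind == "domain":
        if value.rsplit(".", 1)[-1] in FILE_EXTENSIONS:
            return "looks like a file name, not a domain"
        if value in OWN_DOMAINS or any(value.endswith("." + d) for d in OWN_DOMAINS):
            return "own domain"
    elif kind == "email":
        if value.split("@", 1)[1] in OWN_DOMAINS:
            return "own domain (recipient/victim, not an indicator)"
    elif kind in ("md5", "sha1", "sha256"):
        if value in KNOWN_BENIGN_HASHES:
            return "known-benign hash (empty file)"
    return None


def extract_iocs(text):
    """Return (iocs, dropped): iocs maps type -> sorted list of values worth pivoting
    on; dropped maps each rejected candidate -> reason, so the triage is auditable."""
    iocs = {kind: set() for kind in PATTERNS}
    dropped = {}
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            value = m.group() if kind == "url" else m.group().lower()  # URL paths may be case-sensitive
            reason = _filter(kind, value)
            if reason:
                dropped[value] = reason
            else:
                iocs[kind].add(value)
    return {k: sorted(v) for k, v in iocs.items()}, dropped


def defang(value):
    """Make an indicator safe to paste into a ticket or report (no clickable link)."""
    if value.startswith("http"):
        value = "hxxp" + value[4:]
    return value.replace(".", "[.]").replace("@", "[at]")


if __name__ == "__main__":
    iocs, dropped = extract_iocs(SAMPLE_LOGS)
    for kind, values in iocs.items():
        for v in values:
            print(f"{kind:7} {defang(v)}")
    print("-- filtered --")
    for v, why in sorted(dropped.items()):
        print(f"{v}: {why}")
```

The values that survive are the ones to look up on Day 10 (by hash or address, never by uploading the file), and the dropped list is the false-positive record from Day 9: a hash of an empty file or the organisation's own mail domain would waste an analyst's time if it were pasted into a blocklist.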

Day 13 – English & Technical Reporting


• Study: SOC vocabulary (incident, alert, escalate, detection, remediation, true/false positive, containment).
• Practice: Write a short incident report in English: what happened, when, how it was detected, impact, actions taken and recommendations.
• Resources:
  - https://www.sans.org/white-papers/33901/
  - https://tryhackme.com/room/reporting

Day 14 – Final Review & Mock Interview


• Review: Key SOC concepts; practise common interview questions.
• Practice: Prepare a full incident report (from detection to remediation) for one scenario from the labs.
• Resources:
  - https://tryhackme.com/room/soclevel2
  - https://blueteamlabs.online/
