TCM Security – Security Operations (SOC) 201 Course

Security Operations (SOC) 201 is an intermediate security operations course designed to enhance your skills in detecting, investigating, and responding to complex cyber threats at scale. Once you have established fundamental security operations knowledge and practical skills in SOC 101, the next logical step is to progress your career by applying advanced investigation methodologies and taking on the responsibilities of an Incident Responder and Threat Hunter. The SOC 201 curriculum teaches analysts how to identify, hunt, and respond to real-world adversary tactics and techniques. With a practical, hands-on focus, the curriculum provides realistic scenarios in which students investigate sophisticated threats across multiple systems, learning to detect and respond effectively in enterprise-scale environments. The course also integrates proactive threat hunting as part of a continuous detection and response cycle, giving analysts the mental models to identify active threats, uncover detection gaps, and feed insights back into investigative processes to improve future detection and response efforts.

Syllabus

  1. Introduction
  2. Lab Setup
  3. Introduction to Incident Response
  4. Introduction to Threat Hunting
  5. Data Transformation
  6. Understanding Anomalies
  7. Dissecting Threat Reports
  8. Threat Hunting Lab
  9. Collection at Scale
  10. PowerShell 101
  11. PowerShell for Incident Response
  12. Conclusion