SOC Associate Analyst

Register nowBook as incompany

What will you learn?

  • 9Mindset of the SOC Analyst, the analytical process and collaboration skills fully integrated in the hands- on exercises
  • 9Real life experience in a Virtual SOC with SIEM, ITSM and a SOC Ticketing system deployed and working together
  • 9Practice attacker techniques and vulnerabilities evaluation
  • 9Identify companies’ critical assets and key IT systems that you’re assigned to monitor and protect
  • 9Where and how to collect data and logs
  • 9Hands on experience with threat analysis, reporting and escalation


  • 3 days of training
  • 15 hours of self -study

About the SOC Associate Analyst course

 The SOC Associate Analyst course was developed by a group of SOC- Managers and the creator of the SOC Maturity Model (SOC-CMM). First and foremost (and often underestimated in training), this training will trigger your curiosity, activate your analytical brain and have you work together with your SOC Mates, Clients and Incident Responders, three crucial assets for the successful Analysts. The course dives deep into the analytical process, offers a set of hypotheses with ‘if- then’ scenario’s, what to look for and where to find ‘go- to’ resources to support your investigations that will help you deal with the huge number of logs, alerts and events in a SOC, which can be overwhelming if not treated correctly. This mindset is not delivered in Power Point but fully integrated with hands- on, real world tasks of a Tier 1 Analyst that you will be practicing throughout the course: You’ll practice attacker techniques and vulnerabilities evaluation, identification of companies’ critical assets and key IT systems that you’re assigned to monitor and protect, and work with SIEM, ITSM and a SOC Ticketing System, the key toolset of the Tier 1 analyst. You will monitor, analyze and prioritize SIEM alerts based on host-based and security appliance logs, perform triage and effective decision-making to confirm if a security incident is taking place, declare the incident and escalate to your Tier 3 colleagues in the Virtual SOC. You’ll conduct threat analysis on actual datasets, use the ticketing system to report your findings and present the results of your investigations. The course delivers a simulated SOC environment including a virtualized ITSM, SOC Ticketing system and SIEM, fully set up to work together which will create an immersive experience in a virtual SOC and re-create your workplace as closely as possible. Lastly the course introduces you to use cases for security monitoring and processes of threat intelligence, threat hunting and incident response. This will also set the stage for the SOC Threat Analyst course , designed for SOC Analysts that are looking to progress into a more senior role.


Who should attend?

This training is designed for those that are pursuing a career as a SOC Analyst, junior team members looking to accelerate their learning curve, SOC Teams that want to set a baseline requirement for their Tier1 Analysts and Universities that that want to have their students ‘job- ready’, with industry subjects which lead to industry certifications. This course offers a unique combination of the mindset, knowledge and skills required from a SOC Analyst, immediately applied in a realistic work environment. If you are a SOC Analyst looking to grow into a more senior role we would recommend taking the SOC Threat Analyst course.


What’s included?

• Training from some of the worlds’ most passionate and experienced experts in security operations
 Virtual SOC with ITSM, SIEM and SOC Ticketing System integrated and set up to work together
 Official SECO-Institute course materials
 Pre- course preparation kit
 Exam voucher

 Why SECO-Institute?

This training was developed by an international group of SOC Managers and the creator of the SOC Maturity Model, that is adopted worldwide by enterprises for improving Security Operations. The training is based on the requirements that they have set for their own teams, so you can feel comfortable that it offers practical, relevant, and job-ready content. Our accredited trainers have been involved in building, managing and maturing SOC/CSIRT Teams, worked on large-scale international cyber investigations, and participated in responding to attacks from renowned campaigns and cyber criminals. Equally important, they fully identify with SECO’s vision that passion, mindset and collaboration are crucial to the success of the SOC as a whole as well as the success and the satisfaction of the defenders employed.



Course modules


Module 1 – Setting the Stage: The SOC and the Tier 1 Analyst

This module briefly introduces students into the processes, data flows and capabilities of a Security Operations Center, the services that a SOC delivers, what technologies are deployed and how they interconnect. It then describes the different roles, responsibilities and tasks within the SOC, from Tier 1 up to management. From thereon, the module dives deep into the Tier 1 Analyst role, the associated Tasks and KSA matrix (Knowledge, Skills, Abilities) that are required, key tools and resources, major challenges and pitfalls for a junior Analyst, and how all of the above are addressed in the training process.

1.1. Intro SOC, SOC-Services and Technology based on SOC-Maturity Model
1.2. Roles within the SOC and associated escalation process, career paths
1.3. Tasks of the Tier 1 Analyst
1.4. Core skills of the Tier 1 Analyst, it is all about:

• Understanding attacker techniques and vulnerabilities
• Being able to identify critical company assets and key systems
• Know where and how to collect data and logs
• Analytical process and decision making when to declare a security incident
• How to report your findings and escalate
1.5. Key toolset of the Tier 1 Analyst (SIEM, ITSM, SOC-Ticketing System)
1.6. Key data-sources initiating investigations:

• SIEM alerts
• IDS alerts, firewalls – , network traffic logs, endpoints
• Reported from users
1.7. Key data-sources supporting investigations:
• Vulnerability Management
• Threat Intelligence
• Malware Analysis

Module 2 – Key toolset of the SOC Analyst: SIEM, ITSM, SOC Ticketing System, Mindset

This hands-on module introduces you to SIEM, ITSM and SOC Ticketing Systems and how they work together. You will understand the different SIEM technologies and data processing models, focusing on Elastic and Splunk, the most popular SIEM products in the market nowadays. You will experience the Analyst feeling when working with different team members and transitioning from the ITSM to the rest of the tools in order to deliver a high-quality service. Throughout this module, you will work on a business case, where you are assigned to process some tasks within a virtual SOC via a ticketing system. You will be introduced to the mindset of the security analyst and the analytical, step- by step process of an investigation.

2.1. ITSM
2.2. SOC Ticketing System
2.3. SIEM
2.4. The mindset of a Security Analyst – introduction
2.5. Hands On – Exercise using all of the above


Module 3: Log Collection, Use Cases, Threat Detection and Monitoring

This module delivers the theory behind log monitoring and security monitoring systems along with hands-on exercises in security logging and analyzing log collections. The module offers an introduction to attacker techniques and vulnerability finding, critical assets and key systems identification. You will learn where and how to collect data (SIEM alerts, IDS alerts, firewalls, network traffic logs, endpoints, WAF, etc), how to investigate and detect threats based on a large realistic dataset and how use cases are applied to monitor the use of attack techniques. A large portion of the module is again spent on guiding you step by step through the analytical process, what to look for when analysing log collections and key data sources that will support your investigations.

3.1. The mindset of a Security Analyst – in depth
3.2. Introduction to Attacker techniques and processes
3.3. Data Collection
• SIEM alerts
• IDS alerts
• Firewalls
• Network traffic logs
• Others
3.4. Logs and Log Collection
3.5. Critical and Key IT Systems and their logs (exercise)
3.6. ITSM and SIEM (Hands on)
3.7. Event Analysis, correlation and Attack Techniques (hands on)
3.8. Alerting, Reporting and Dashboarding (hands on)
3.9. Security Monitoring Use Cases, MaGMA, MaGMA UCF


Module 4: Threat Analysis in-depth, fundamentals of Threat Intelligence and Threat Hunting, Incident Response

Module 4 starts with a high- level introduction of the threat intelligence process and how it is applied to obtain situational awareness. It then dives deeper into the Pyramid of Pain and MITRE ATT&CK framework for Threat Hunting and Threat Analysis purposes. You will finalise understanding the incident declaration and escalation procedure as well as the overall Incident Response model and process. During the hands-on practice, students get to analyse a dataset in order to find indications of threats and work together on a business where they manage an incident from preparation to post-incident analysis. The hands-on section prepares students for a complex homework assignment they will complete after this module and that will be a part of their exam.

4.1. Introduction to Threat Intelligence, situational awareness and attribution
4.2. Pyramid of Pain and MITRE ATT&CK framework
4.3. Threat Analysis versus Threat Hunting
4.4. Detection continuous improvement and Intelligence feedback
4.5. Incident Response model and process
4.6. Hands on threat analysis exercise and incident response business case
4.7. Homework assignment and exam preparation

About the Exam

  1. Homework assignment in CTF format
    The hands-on section on the last day of training prepares you for a complex, hands on homework assignment in a Capture the Flag format that will be part of your exam and certification. You must finalize your assignment before you can schedule your exam.
  2. Exam
    • Language: English
    • Delivered: Online via a certified proctor
     Questions: 40 multiple choice (5 questions related to your CTF homework assignment)
     Time: 60 minutes

Practical Information

  • Course times: 9 am to approximately 4:30 pm. The coffee is ready at 8:30.
  • Lunch is included and consists of a buffet with, among other things, fresh sandwiches. Do you have allergies or dietary requirements? Please communicate this in time.
  • Training location:
    Quinten Matsijslei 25
    2018 Antwerp
  • By participating in a course or training you agree with our terms and conditions

Register now

Book as incompany or stay up to date