Skill Horizon

Back

SOC L1 Analyst

Learn essentials of SOC L1 Analyst

Course Curriculum

MODULE 1 - Networking Concepts for SOC (2 Weeks)

1. Networking Fundamentals

What is a network?
LAN, WAN, MAN
OSI Model
TCP/IP Model
Difference between OSI vs TCP/IP
IP Addressing, Subnetting, CIDR
Ports & Protocols (20+ important ones: 80, 443, 53, 445, 3389, 22, 25…)
TCP 3-way handshake
DNS resolution flow
ARP, DHCP, NAT concept
Firewalls, VLANs, DMZ

2. SOC-Relevant Protocols

HTTP/HTTPS
SMTP/IMAP/POP3 security
SMB (lateral movement perspective)
DNS tunneling basics
RDP security monitoring (3389 attacks)

3. Packet Analysis (SOC View)

Wireshark introduction
Reading packet structure
Detecting:
- Port scans
- Brute force
- Beaconing
- Malware C2 patterns

MODULE 2 - Linux Fundamentals for SOC (2 Weeks)

1. Linux Basics

Architecture overview
File system (/etc, /var/log, /home, /opt…)
Permissions & ownership
Shell basics

2. Important Linux Commands

File commands: ls, cat, grep, head, tail, find
Process commands: top, ps, kill
Network commands: netstat, ss, ifconfig/ip, tcpdump
User management commands
Service management (systemctl)

3. Log Files in Linux

/var/log/auth.log
/var/log/syslog
SSH logging
Cron logs
Failed login detection

4. Forensic Skills (Basic)

Checking running services
Tracing suspicious processes
Reading audit logs
Detecting brute force activity

MODULE 3 - Windows OS Fundamentals (2 Weeks)

1. Windows Architecture

Registry structure (HKLM, HKCU…)
Windows directory structure
Processes & services
User accounts & groups
NTFS permissions

2. Important Windows Commands

ipconfig
netstat
tasklist
taskkill
net user
sc query
powershell basics

3. Windows Event Logs (Core for SOC L1)

Event Viewer overview
Important logs:
- Security
- System
- Application
Authentication events:
- 4624 – Successful login
- 4625 – Failed login
- 4634 – Logoff
- 4672 – Admin privileges assigned
- 4648 – Explicit credentials used
RDP events
Account lockout events

4. Windows Artifacts

Prefetch
Startup folders
Autoruns
Scheduled tasks
Firewall logs

MODULE 4 - Cyber Security & SOC Basics (2 Weeks)

1. Introduction to Cyber Security

CIA Triad
Threats, vulnerabilities
Malware types
Social engineering basics
Phishing email breakdown

2. Introduction to SOC

What is a SOC?
Roles: L1, L2, L3, Threat Hunter, IR
SOC tools overview
SIEM introduction
Incident lifecycle
Use cases & correlations

3. MITRE ATT&CK Framework

Tactics & techniques
Real-world mapping
Common attacker behaviors

4. Security Devices

Firewall
IDS/IPS
EDR/XDR
WAF
Anti-virus vs EDR

MODULE 5 - SIEM Tools & Log Analysis (3 Weeks)

1. SIEM Concepts

What is SIEM?
Log sources
Log ingestion
Data normalization
Correlation rules

2. Hands-on SIEM

(Tools covered: Splunk / Elastic / Sentinel / QRadar → based on availability)

A. Searching & Filtering

KQL / SPL basics
Creating dashboards
Querying logs
Alerts & rules

B. Analyzing Logs

Firewall logs
Endpoint logs
Authentication logs
DNS logs
VPN logs
Proxy logs

3. SOC Use Cases (L1 Focus)

Failed password attempts
Brute-force attacks
Port scanning
Malware detection signals
Privilege escalation flags
Lateral movement detection
Suspicious PowerShell execution
Suspicious RDP connections
Data exfiltration patterns
DNS tunneling alerts
Phishing indicators from logs

MODULE 6 - Incident Detection & Response (2 Weeks)

1. SOC L1 Responsibilities

Alert triage
Prioritizing alerts
Escalation workflow
Communication with L2/L3
Documentation & ticketing

2. Alert Triage Methodology

What is the alert about?
Identify affected asset
Identify attacker action (MITRE mapping)
Validate true positive vs false positive
Evidence collection
Marking severity
Escalation steps

3. Incident Response Basics

Preparation
Identification
Containment
Eradication
Recovery
Lessons learned

4. Tools for IR

CyberChef
VirusTotal
ANY.RUN
URLScan
AbuseIPDB
Shodan
Censys

MODULE 7 - Email Security & Phishing Analysis (1 Week)

1. Email Headers

Analyzing headers
SPF, DKIM, DMARC
Identifying spoofing

2. Attachment Analysis

Safe detonation
Extracting metadata

3. URL Analysis

Malicious redirect detection
URL sandboxes

MODULE 8 - Threat Intelligence (1 Week)

1. What is Threat Intelligence?

IOCs, IOAs
TTPs
Threat feeds

2. TI Platforms

AlienVault
Hybrid Analysis
OTX
MISP

3. Creating TI-Enriched Alerts

Using reputation data
Mapping attackers

MODULE 9 — SOC Hands-On Projects (Final 2 Weeks)

Project 1 — Failed Login & Brute Force Case

Analyze Windows logs
Investigate suspicious logins
Create a detection rule

Project 2 — Malware Detection

Inspect malicious file
Extract IOCs
Create alert based on behavior

Project 3 — Suspicious Network Traffic

Analyze pcap
Identify C2 communication

Project 4 — Phishing Email

Analyze headers & attachments
Create triage report

Project 5 — Complete Incident Report

Full investigation
Evidence gathering
Create SOC L1 report

‍

Enroll in the Course
(As Limited Seats Available!)

INR 40,000/-

Incl. 18% GST

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Meet Your Mentor

Get to know the expert behind your learning journey. Our instructor brings years of real-world industry experience and a passion for teaching that makes every session practical, engaging, and impactful.

Learn More

How Skill Horizon Works?

Register for Course

Don't miss out on the chance to elevate your knowledge and achieve your goals – secure your spot now by registering for our course!

Demo Sessions

Once you register - take the first step toward a journey of discovery and skill enhancement. Join our demo sessions and envision the possibilities!

Fee Payment

Once you are happy with the Demo – invest in your success by paying the course fee and stepping into a brighter future.

Explore Courses

Register Now

Thank you! Your submission has been received!
‍
Stay tuned for more information...

For any additional queries reach out to the support team
‍