Frequently Asked Questions

Syllabus 

SECTION 1: Security Operations Teams, Tools, And Mission Overview

TOPICS: Welcome to the Blue Team; SOC Foundations; SOC Organization and Functions; SOC Data Collection; An Introduction to SIEM; Building SIEM Queries; SIEM Visualizations and; Knowing Your Enemy; Threat Intelligence Platforms;
Alert Generation and Processing; Incident Management Systems and SOAR

SECTION 2:Network Traffic Analysis

TOPICS: Network Architecture; Traffic Capture and Analysis; Understanding DNS; DNS Analysis and Attacks; Understanding HTTP; HTTP(S) Analysis and Attacks; How HTTP/2 and HTTP/3 Work; Analyzing Encrypted Traffic for Suspicious Activity;
Common Protocols for Post-Exploitation 

SECTION 3: Endpoint Defense, Security Logging, and Malware Identification Overview

TOPICS: Common Endpoint Attack Tactics; Endpoint Defense in Depth; How
Windows Logging Works; How Linux Logging Works; Interpreting SecurityCritical Log Events; Making Logs Usable –LogCollection, Parsing, and Normalization; Identifying Potentially Malicious Files; Dissecting Commonly Weaponized File Types; Fast Identification and Safe Handling of Malicious Files

SECTION 4:Efficient Alert Triage and Email Analysis

TOPICS: Alert Triage and Analysis; Structured Analytical Techniques for Alert
Investigation; The Most Important Mentals Models for Security Analysts; Incident Documentation,Closing and Investigation Quality; Analysis Operational Security for Defenders – How to Not Tip Off Attackers of Defense Action; Detecting Malicious Emails through Email Header Analysis (SPF, DKIM, DMARC and more); Email Content, URL, and Attachment Analysis

SECTION 5:Continuous Improvement, Analytics, and Automation

TOPICS: Reducing Burnout and Retention Issues in the SOC; False Positive Reduction –Analytic Features and the Importance of Log Enrichment; New Analytic Design, Testing,and Sharing; Alert Tuning Methodology; SOC Automation and Orchestration (with and without SOAR); Improving Analyst Efficiency and Workflow; Methods for Quickly Containing Identified Intrusions; Skill and Career Development for SOC Staff

SECTION 6: Capstone: Defend the Flag

The course culminates in a daylong, team-based capture-the-flag competition. Using network data and logs from a simulated network under attack, Section 6 provides a full day of hands-on work applying the principles taught throughout the week. Your team will be challenged to detect and identify attacks to progress through multiple categories of questions designed to ensure mastery of the concepts and data covered during the course.

How Promilo Works for Students

College Search Made Easy, Find the Right College for You in Minutes, Not Months!

Search your Career Goal

Discover courses, internships, and jobs that sync with your goals.

Register for Free

Get access to premium features and connect directly with experts. You're all set!

Book a Free Meeting

Schedule a free online meeting or talk to experts Jump into a meeting with pro-experts. We got you!

Stack Up Rewards

Your time is valuable, and we appreciate every moment you spend with us. That's why we continue to reward you for your engagement.