Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
SOC Analyst Level 1 & 2 Masterclass
Bestseller
Rating: 4.6 out of 5(666 ratings)
4,384 students

SOC Analyst Level 1 & 2 Masterclass

Master SIEM, log analysis, threat intelligence & incident response with hands-on labs for SOC L1 & L2 careers.
Last updated 8/2025
English

What you'll learn

  • Students will learn how to detect, investigate, and respond to real-world cyber threats in a Security Operations Centre environment.
  • Students will learn to use SIEM tools like Splunk and Wazuh to analyze logs, create dashboards, and generate real-time security alerts.
  • Will learn how to apply the MITRE ATT&CK framework to map threats, identify tactics, techniques, and procedures (TTPs), and improve SOC detection coverage.
  • Students will complete a simulated SOC investigation from initial alert triage to creating and submitting a professional incident report.

Course content

12 sections73 lectures23h 33m total length
  • 1.1 SOC Organisational Structure25:38

    Explore the security operations center structure, outlining the people, processes, technology, and governance framework (TGC) and the tiered roles from triage analysts to threat hunters, plus benefits of 24/7 monitoring.

  • 1.2 SOC Workflow24:59
  • 1.3 Introduction to SOC Tools Part-117:15

    Master core SOC tools like SIM, SOAR, threat intelligence platforms, and NTA to aggregate logs, detect threats, and automate responses.

  • 1.4 Introduction to SOC Tools Part-228:31

    Explore core and advanced SOC tools including EDR for endpoint protection, vulnerability assessment tools, ticketing systems, sandboxing, UEBA, and deception tools such as honeypots and honey tokens.

  • 1.5 Day in the life of a SOC Analyst12:23
  • 1.6 SOC KPIs and Metrics14:02

    Analyze mean time to detect, respond, and contain along with alert metrics like false and true positive rates, escalation rate, patch rate, compliance adherence rate, and cost per incident.

  • 1.7 Practical Task12:35

    Practice level one SoC alert triage in a TryHackMe lab with a simulated siem dashboard, distinguishing true positives from false positives and escalating data exfiltration alerts to level two.

Requirements

  • A basic understanding of IT networks and operating systems is helpful but not required, as all key concepts will be explained from scratch.
  • Familiarity with common cybersecurity terms will be an advantage but is not mandatory.
  • Access to a computer with an internet connection is required to complete hands-on labs and simulations.
  • An interest in cybersecurity and a willingness to learn practical, job-ready SOC skills will help you succeed in the course.

Description

The SOC Analyst Level 1 & 2 Masterclass is your complete, hands-on training program to launch a successful career in cybersecurity. This course takes you inside the day-to-day operations of a real Security Operations Centre (SOC) and equips you with the skills to detect, investigate, and respond to real-world cyber threats.

Through 12 comprehensive modules and practical, scenario-based training, you will master SOC fundamentals, network traffic analysis, operating system internals, SIEM usage, threat intelligence, detection engineering, and full-scale incident response. Every topic is reinforced with hands-on labs, simulations, and real attack investigations to make you job-ready.

Here’s what you’ll learn in each module:

  • Module 1: SOC structure, workflows, tools, KPIs, and the role of L1 & L2 analysts.

  • Module 2: Networking essentials for SOC, including OSI/TCP-IP, protocols, packet inspection, and detecting network-based threats.

  • Module 3: Windows & Linux internals, log sources, and investigative commands for uncovering malicious activity.

  • Module 4: Understanding the threat landscape, mapping attacks to MITRE ATT&CK, and analyzing malware & phishing campaigns.

  • Module 5: SIEM fundamentals, log lifecycle, Splunk queries, Sigma rules, and dashboard creation.

  • Module 6: L1 alert monitoring, triage processes, enrichment with OSINT, and correlation techniques.

  • Module 7: Investigating brute force, phishing, malware, data exfiltration, and command & control (C2) attacks.

  • Module 8: SOC documentation, ticket lifecycle, escalation notes, and effective communication with stakeholders.

  • Module 9: Threat intelligence tools, OSINT investigations, threat actor profiling, playbooks, and AI-assisted triage.

  • Module 10: L2 detection engineering, writing & validating rules, log correlation, and deception techniques.

  • Module 11: Incident response lifecycle – containment, eradication, recovery, and lessons learned.

  • Module 12: Capstone project simulating a full SOC investigation with multiple threat scenarios.

By the end of this course, you will be able to:

  • Operate confidently in a SOC environment handling both L1 & L2 tasks.

  • Monitor, triage, and investigate security alerts using industry tools like Splunk, Wazuh, Elastic Stack, and Wireshark.

  • Apply MITRE ATT&CK to strengthen detection capabilities.

  • Create and tune detection rules, correlate logs, and escalate incidents effectively.

  • Build a professional SOC portfolio with reports, dashboards, and detection rules to showcase to employers.

Whether you are an aspiring SOC Analyst, Blue Team member, or IT professional transitioning into security, this course will give you the knowledge, practical skills, and confidence to succeed in one of the fastest-growing areas of cybersecurity.

Who this course is for:

  • This course is for aspiring SOC Analysts who want to start a career in cybersecurity.
  • It is ideal for Junior Security Engineers and Blue Team members looking to strengthen their SOC skills.
  • IT professionals who wish to transition into a security-focused role will find this course highly valuable.
  • Cybersecurity students preparing for interviews, assessments, or hands-on SOC tasks will benefit from this training.