SIEM/SOC Intermediate

NS107

Those responsible for the initial triage of an incident are the SOC analysts and incident responders; This course covers the necessary skills and practices to train such SOC personnel and successfully operate a modern-day SOC. The training starts from a broad understanding of the various functions in a SOC and a thorough workout on its technologies, up to a real-time hands-on practice in a virtual simulation environment.

​

NS107 Final Project: create a code that will be used for IR teams to analyze memory files.

Picture7.png

FIVE   |   ELEVEN   |   85%   |   40

          SCENARIOS                   LABS                        HANDS-ON           DURATION

LAB 01

​

Wireshark

LAB 02

​

Iptables

LAB 03

​

Basic Log Filtering

LAB 04

​

Advanced Log Filtering

LAB 05

​

Volatility

LAB 06

​

Basic Tshark

LAB 09

​

Snort and Snort Alerts

LAB 10

​

PfSense

LAB 07

​

Advanced Wireshark

LAB 08

​

Advanced Tshark

LAB 11

​

ELK Filtering

Scenario: SCCA001

During the coronavirus, medical research university suffered a data breach. Criminal groups seek to exploit the crisis for financial gain. We need to track down their actions to understand what was stolen. Our tech engineer captured the network traffic during the attack; you have the task to solve the incident.

photo_2020-04-14_13-00-53.jpg

Scenario: SCCA002

Recently a large insurance company called VitaLife has suffered a severe breach. The SOC team who worked on that breach that day are still investigating the scene. You have been asked to filter through those logs to find the possible cause of the attack.

photo_2020-05-01_16-53-34.jpg

Scenario: SCCA003

Information about 60% of the US population was exposed to what is believed to be the largest ever known exposure. The IT department found an unsecured server, which is now under in-depth investigation by your team. The company using your services to investigate the server that held a large amount of that data to mitigate this issue.

photo_2020-05-21_17-40-52.jpg

Scenario: SCCA004

Financial company in Asia suffered from a Ransomware attack, which made them pay $1 million in bitcoin, to restore encrypted files. They hired you as a specialist to help them find any tracks. The SOC team was able to monitor some of that traffic that might contain valuable information related to the attack.

photo_2017-09-18_09-39-42.jpg

Scenario: SCCA005

A company suspects it has been attacked and needs your help in finding network traces done by a group of hackers that are targeting several businesses and organizations in Germany.

photo_2020-03-29_22-17-38.jpg

To be eligible for the certificate, the student must complete four scenarios (out of five) and submit the project associated with the course.


Score distribution: 60% scenarios + 40% project.

SIEM/SOC Intermediate Certification

What our students say

"This course showed me how to really look at cyber threats."

"Using the simulator made it that now I know how to function in real situations"

LINKS
CONTACT
  • White LinkedIn Icon
  • White Facebook Icon

Ze'ev Jabotinsky St 7,
Ramat Gan, IL.
+972-3-9629018
info@ThinkCyber.co.il

© 2020 by ThinkCyber