SIEM/SOC Advanced


This SOC operations course is designed for organizations implementing a SOC solution and gives full guidance on the skills and procedures needed to operate it. The training gives trainees every aspect a SOC team needs to keep the adversary out of the enterprise.

NS108 Final Project: write a tool that IR teams can use to identify abnormal pcap files.
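As an added example of the kind of check the final project calls for (this is not course material, and it assumes "abnormal" means a capture whose libpcap container is structurally inconsistent), the following Python walks a classic pcap file and reports bad magic, an unexpected version, records cut short, record lengths that contradict the snaplen or the original length, out-of-range fractional timestamps and timestamps that run backwards. The sample files at the bottom are constructed inside the block; the `build_pcap` helper and the 262144 snaplen ceiling are assumptions, not anything the course prescribes.

```python
"""Structural sanity checker for classic libpcap files (not pcapng).

Flags container-level anomalies an IR analyst wants to know about before
trusting a capture: bad magic, unexpected version, records cut short,
record lengths that contradict the snaplen or the original length, bad
fractional timestamp fields and timestamps that run backwards.
"""
import struct

GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16
MAX_SANE_SNAPLEN = 262144  # libpcap's own upper bound for snaplen (assumption)

# magic bytes as they appear on disk -> (struct byte-order prefix, ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),       # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),       # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),   # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),   # big-endian, nanoseconds
}


def check_pcap(data: bytes) -> dict:
    """Walk a pcap byte string and return {"packets": n, "findings": [...]}."""
    findings = []
    if len(data) < GLOBAL_HDR_LEN:
        return {"packets": 0, "findings": ["file shorter than the 24-byte global header"]}

    magic = data[:4]
    if magic not in MAGICS:
        return {"packets": 0, "findings": [f"unknown magic {magic.hex()} (not a classic pcap)"]}
    order, ticks = MAGICS[magic]

    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    major, minor, _tz, _sigfigs, snaplen, _linktype = struct.unpack(
        order + "HHiIII", data[4:GLOBAL_HDR_LEN])
    if (major, minor) != (2, 4):
        findings.append(f"unexpected pcap version {major}.{minor}")
    if snaplen == 0 or snaplen > MAX_SANE_SNAPLEN:
        findings.append(f"implausible snaplen {snaplen}")

    packets = 0
    offset = GLOBAL_HDR_LEN
    last_ts = None
    while offset < len(data):
        if len(data) - offset < RECORD_HDR_LEN:
            findings.append(f"record #{packets + 1}: header truncated at offset {offset}")
            break
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[offset:offset + RECORD_HDR_LEN])
        offset += RECORD_HDR_LEN
        idx = packets + 1

        # fractional part must be below one second in the file's resolution
        if ts_frac >= ticks:
            findings.append(f"record #{idx}: fractional timestamp {ts_frac} out of range")
        ts = ts_sec * ticks + ts_frac
        if last_ts is not None and ts < last_ts:
            findings.append(f"record #{idx}: timestamp goes backwards")
        last_ts = ts

        # captured bytes can never exceed the snaplen or the on-the-wire length
        if incl_len > snaplen:
            findings.append(f"record #{idx}: incl_len {incl_len} exceeds snaplen {snaplen}")
        if incl_len > orig_len:
            findings.append(f"record #{idx}: incl_len {incl_len} exceeds orig_len {orig_len}")
        if incl_len > len(data) - offset:
            findings.append(
                f"record #{idx}: data truncated ({len(data) - offset} of {incl_len} bytes present)")
            break
        offset += incl_len
        packets += 1

    return {"packets": packets, "findings": findings}


def build_pcap(records, snaplen=65535, linktype=1, order="<") -> bytes:
    """Assemble a classic pcap from (ts_sec, ts_frac, payload) tuples (test data only)."""
    magic = b"\xd4\xc3\xb2\xa1" if order == "<" else b"\xa1\xb2\xc3\xd4"
    out = magic + struct.pack(order + "HHiIII", 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_frac, payload in records:
        out += struct.pack(order + "IIII", ts_sec, ts_frac, len(payload), len(payload)) + payload
    return out


# Constructed samples: two tiny placeholder "frames" (not real Ethernet), one
# clean file and one chopped mid-record as if the capture host died.
SAMPLE_OK = build_pcap([(1_600_000_000, 10, b"\xaa" * 60), (1_600_000_001, 20, b"\xbb" * 90)])
SAMPLE_TRUNCATED = SAMPLE_OK[:-30]

if __name__ == "__main__":
    for name, blob in (("ok", SAMPLE_OK), ("truncated", SAMPLE_TRUNCATED)):
        print(name, check_pcap(blob))
```

pcapng files begin with a different block signature (0x0A0D0D0A) and are reported here as unknown magic; in practice you would hand those to a separate parser or to tshark. A file that passes these checks can still carry abnormal traffic: this is the container-level gate run before Tshark or Zeek, not a replacement for them.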

Scenarios: 5   |   Labs: 9   |   Hands-on: 85%   |   Duration: 40

LAB 01: Windows Events
LAB 02: Sysmon Events
LAB 03: Text Manipulation
LAB 04: Working with Tshark
LAB 05
LAB 06: Registry Analysis
LAB 07: Process Analysis
LAB 08: Advanced Filtering using Zeek
LAB 09: Working with WMI

Scenario: SCCB001

The Rodpicom botnet sends the victim a message with a link to a malicious site that serves downloadable content. The download contained malware, which caused CPU overloads at a small advertising company (a customer). The company's SOC team was asked to check the security logs on the web server for further investigation.


Scenario: SCCB002

In the last few months, multiple groups of attackers have successfully compromised corporate email accounts at various firms using phishing techniques. As part of the security team, we need your help to find leads on the attackers.


Scenario: SCCB003

A former Yahoo employee has pleaded guilty to misusing his access to hack into the accounts of nearly 6,000 Yahoo users. We need your help to investigate the incident.


Scenario: SCCB004

Over the past few months, hundreds of Android users have been complaining about a new piece of mysterious malware. Our company uses Security Onion, and we need your help analyzing the logs it generated from the malware's traffic.


Scenario: SCCB005

The web hosting company Hostinger has suffered a data breach. Using an access token, the attackers infiltrated an SQL database server and found a file holding millions of usernames and hashed passwords. Following the incident, the CEO hired a group of cyber security professionals to work together and close the vulnerability that allowed the attackers to infiltrate the network and steal the file.


To be eligible for the certificate, the student must complete four scenarios (out of five) and submit the project associated with the course.

Score distribution: 60% scenarios + 40% project.

SIEM/SOC Advanced Certification

What our students say

"Learning to identify and protect from cyber-attacks. Great practice."


Ze'ev Jabotinsky St 7,
Ramat Gan, IL.

© 2020 by ThinkCyber