SOC Analyst Career Path

Master the skills to become a Tier 1 Security Analyst.

Events / Sec

2,450

+12% vs avg

Threat Level

ELEVATED

Network Load

45%

Sensors Online

98%

42/43 Active

Open Alerts

0

Requires Attention

LIVE FEED

Recent System Activity

Select an Incident

Choose an alert from the queue to begin investigation.

Declassified Files

Real-world incident reports and post-mortem analysis.

🛡️ SOC SIMULATION

Day Shift --:--

🚨 0 Pending

✅ 0 Resolved

👤 Analyst: You

SOC Dashboard

Welcome to your shift. Monitor alerts, investigate threats, and protect the organization.

🔴

0 Critical Alerts

🟠

0 High Priority

🟡

0 Medium

🟢

0 Resolved Today

Quick Actions

Recent Activity

--:-- Shift started. Awaiting alerts...

📊

SIEM

💻

Terminal

📧

Email

🦈

NetShark

🌐

Browser

📁

Files

🔍

SIEM Lab

🛡️

12:00 PM

SOC Analyst Glossary

Key terms and abbreviations every analyst needs to know.

🔄 SOC Workflows & Runbooks

Step-by-step guides for common SOC processes. Follow these when you're unsure what to do next.

🚨

Alert Triage Workflow

When a new alert fires

1. Acknowledge the Alert

Claim ownership in the SIEM to prevent duplicate work.

2. Gather Context

Who? What? When? Where? Check user, asset, time, and location.

3. Check Historical Data

Has this user/asset triggered similar alerts before?

4. Determine Verdict

True Positive: Escalate. False Positive: Document & Close.

5. Document & Close

Write a clear summary in the ticket. Tag related IOCs.

📢

Escalation Workflow

When to escalate to Tier 2/3

⚠️ Escalate If:

Confirmed malware execution
Active data exfiltration
Compromised credentials
Lateral movement detected
Ransomware indicators

How to Escalate:

Update ticket with all findings
Assign to Tier 2 queue
Slack/Page the on-call analyst
Brief them verbally if critical

🎣

Phishing Analysis Workflow

Reported suspicious email

1. Extract Artifacts

Sender address, subject, URLs, attachments, headers.

2. Analyze URLs

Use VirusTotal, URLScan.io, Any.Run. Check for credential harvesting.

3. Check Attachments

Sandbox any files. Look for macros, executables, or encoded payloads.

4. Check Scope

Did anyone else receive this? Did anyone click?

5. Take Action

Block sender/domain. Delete from all mailboxes. Reset passwords if needed.

🦠

Malware Containment

Confirmed malware on endpoint

1. Isolate the Host

Use EDR to network-isolate the machine immediately.

2. Preserve Evidence

Capture memory dump, disk image, or relevant logs before remediation.

3. Identify IOCs

File hashes, C2 IPs, registry keys, scheduled tasks.

4. Hunt for Spread

Search SIEM for IOCs across all endpoints.

5. Remediate & Recover

Clean/reimage machine. Restore from backup. Monitor for reinfection.

📌 Pro Tip for New Analysts

When in doubt, document everything and ask for help. It's better to escalate a false positive than to miss a real threat. Your team is there to support you!

Chapter 1

Lesson Title

Exercise Instructions

🎯 Objective

Learn defensive security concepts by exploring network monitoring, vulnerability scanning, and firewall management.

📝 Step-by-Step Instructions

1

SIEM Dashboard

Inspect your SIEM dashboard, copy the malicious IP from the critical alerts, and switch to the IP Hunter tab.
2

IP Hunter

Use the IP Hunter to analyze the suspicious IP address identified in the SIEM alerts.
3

Escalation

Let's declare a small incident event and escalate it.
4

Firewall

Block the malicious IP address on the firewall and find out the hidden flag.

MISSION: SSH Brute Force

Alerts

Date	Severity	Message	Copy

SOC Analyst Career Path

Your Progress

Career Roadmap

⚡ Quick Actions

Next Up

External Resources

Mock Interview Bot 🤖

Recent System Activity

Select an Incident

Declassified Files

SOC Dashboard

Quick Actions

Recent Activity

Alert Queue

Incident Response Playbooks

Case Reports

No completed cases yet

Simulation Guide

🎯 Objective

📊 Dashboard

🚨 Alert Queue

💻 Workstation

📋 Playbooks

📁 Case Reports

SOC Analyst Glossary

🔄 SOC Workflows & Runbooks

Alert Triage Workflow

Escalation Workflow

Phishing Analysis Workflow

Malware Containment

📌 Pro Tip for New Analysts

Lesson Title

Exercise Instructions

🎯 Objective

📝 Step-by-Step Instructions

SIEM Dashboard

IP Hunter

Escalation

Firewall

Alerts

IP Address Lookup

Incident Escalation Form

Firewall Rule Management

Active Firewall Rules

Lesson Title

🎉 Share your badge with friends and inspire success!

Your Name

Mission Control