Foundations of SOC with Elastic and Jira with Hayden Covington
Overview
- Course Length: 16 hours
- Offered as private training. Contact us for details.
- Includes Certificate of participation and six months of access to class recordings.
Foundations of SOC will take you from the ground floor of “What is a SOC” to “How to detect and investigate a multi-stage attack”.
Have you ever wondered what it would be like to work in a SOC? Do you manage a SOC and want a better understanding of what goes on within? Or maybe you want to experience Elastic and how it can be used for threat detections and analysis?
Throughout the course you will gain an understanding of the key functions of a SOC and its tools, specifically its SIEM and ticketing systems. You’ll learn how they work under the hood and how to bend them to your will. These fundamentals build on one another until you find yourself writing custom sequence detections and investigating them when they fire.
Foundations of SOC mixes fundamental knowledge with the freedom to apply it at a more advanced level for more experienced analysts. As the different functions within a SIEM are covered, there is leeway for those with more experience to branch out and build on the basics of the labs.
By the end of the course, you will have a fully functioning SOC of your very own, lacking only in analysts (besides yourself). You’ll be given resources on how to further improve your SIEM should you wish. Lastly, you will be able to tell interviewers that you single-handedly stood up a SOC’s infrastructure.
- Part 1: SOC, Ticketing Systems, and Jira
- Part 2: SIEMs, Elasticsearch, and Query Languages
- Part 3: Detection Engineering, Testing, and Tuning
- Part 4: Investigation Fundamentals, SOC Tickets, and Practical Application
Virtual (Dec 5th – Dec 6th) – Secure Code Summit
- December 5th, 2024 9 AM – 6 PM EST
- December 6th, 2024 10 AM – 6 PM EST
Wild West Hackin’ Fest at Mile High (Feb 4th – Feb 5th, 2025) – Denver, CO
- February 4th – 8:30 AM to 5:00 PM MDT
- February 5th – 8:30 AM to 5:00 PM MDT
Key Takeaways
- Foundations of a SOC
- SOC Tools and Operations
- Ticketing System Offerings
- Jira and Opsgenie configurations
- What SOC life is like, both the good and the bad
- Security Information and Event Management (SIEM) Offerings
- How to Navigate and Use Elasticsearch and Elastic SIEM
- Elasticsearch Query Languages
- How to Write a good Query
- Detection Engineering and Tuning
- Detection Tuning Risk Management
- Mapping Your Detections to MITRE ATT&CK
- Testing Detections with Atomic Red Team (ART)
- SOC Investigation Fundamentals
- How to Investigate a SOC Ticket When You’re Stuck
- How to Write a Good SOC Ticket
- How to Investigate Common Event Modules
- How to use Elastic Timelines, Cases, and Dashboards for Your Investigations
- Investigating Multi-Stage Attacks
- Open-Source Detections
- How to Improve Your SOC After the Course
- How to Apply the Course Learnings to Your Career
Who Should Take This Course
- SOC engineers, managers, analysts, or those wanting to work in a SOC
- Anyone wanting to learn how to configure Elastic and Jira
- Anyone wanting to learn how to work in Elastic or Jira
- Anyone wanting to learn how to investigate threat activity in a SIEM
- Anyone wanting to know how to write, tune, and test threat detections
Student Requirements
- Basic understanding of Windows operating systems
- Basic understanding of security fundamentals (e.g. what DNS is, what an IP address is, what a process is)
- How to operate a Virtual Machine
Supplemental Reading
- A computer with either VMware Player or Workstation
- A computer with the ability to run a VM for labs with the following specs:
  - 4 GB RAM
  - 2 Core CPU
  - 60 GB of storage
- (Optional) Labs can be performed on the host laptop
  - Instructions are provided for how to accommodate this approach, with prerequisite installations needed before the class starts
This class is being taught at Wild West Hackin’ Fest at Mile High 2025.
For more information about our conferences, visit Wild West Hackin’ Fest!
Live Training
- Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
- Access to course slides for future reference
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge