Foundations of SOC with Elastic and Jira with Hayden Covington

Have you ever wondered what it would be like to work in a SOC? Do you manage a SOC and want a better understanding of what goes on within? Or maybe you want to experience Elastic and how it can be used for threat detections and analysis?

Throughout the course you will gain an understanding of key functions of a SOC and it’s tools, specifically its SIEM and ticketing systems. You’ll learn how they work under the hood and how to bend them to your will. These fundamentals will build upon themselves until you find yourself writing custom sequence detections and investigating them when they fire.

Foundations of SOC has a good mixture of fundamental knowledge with the freedom to apply that knowledge at a more advanced level for more experienced analysts. As different functions within a SIEM are covered there is leeway for those with more experience to branch out and build on the basics of the labs.

By the end of the course, you will have a fully functioning SOC of your very own, lacking only in analysts (besides yourself). You’ll be given resources on how to further improve your SIEM should you wish. Lastly, you will be able to tell interviewers that you single-handedly stood up a SOC’s infrastructure.

• Part 1: SOC, Ticketing Systems, and Jira
• Part 2: SIEMs, Elasticsearch, and Query Languages
• Part 3: Detection Engineering, Testing, and Tuning
• Part 4: Investigation Fundamentals, SOC Tickets, and Practical Application

Wild West Hackin’ Fest – Deadwood (Oct 7th – Oct 8th, 2025) – Deadwood, SD

• October 7th – 8:30 AM to 5:00 PM MDT
• October 8th – 8:30 AM to 5:00 PM MDT

Key Takeaways

• Foundations of a SOC
• SOC Tools and Operations
• Ticketing System Offerings
• Jira and Opsgenie configurations
• What SOC life is like, both the good and the bad
• Security Information and Event Management (SIEM) Offerings
• How to Navigate and Use Elasticsearch and Elastic SIEM
• Elasticsearch Query Languages
• How to Write a good Query
• Detection Engineering and Tuning
• Detection Tuning Risk Management
• Mapping Your Detections to MITRE ATT&CK
• Testing Detections with Atomic Red Team (ART)
• SOC Investigation Fundamentals
• How to Investigate a SOC Ticket When You’re Stuck
• How to Write a Good SOC Ticket
• How to Investigate Common Event Modules
• How to use Elastic Timelines, Cases, and Dashboards for Your Investigations
• Investigating Multi-Stage Attacks
• Open-Source Detections
• How to Improve Your SOC After the Course
• How to Apply the Course Learnings to Your Career

Who Should Take This Course

• SOC engineers, managers, analysts, or those wanting to work in a SOC
• Anyone wanting to learn how to configure Elastic and Jira
• Anyone wanting to learn how to work in Elastic or Jira
• Anyone wanting to learn how to investigate threat activity in a SIEM
• Anyone wanting to know how to write, tune, and test threat detections

Student Requirements

• Basic understanding of Windows operating systems
• Basic understanding of security fundamentals (i.e. What DNS is, what an IP address is, what a process is)
• How to operate a Virtual Machine

Supplemental Reading

• https://www.vmware.com/products/workstation-player.html
• https://github.com/redcanaryco/atomic-red-team
  • https://github.com/redcanaryco/invoke-atomicredteam/wiki/Installing-Invoke-AtomicRedTeam#install-execution-framework-and-atomics-folder
• https://www.atlassian.com/software/jira/
• https://www.elastic.co/security
• https://www.elastic.co/guide/en/security/current/index.html

• A computer with either VMWare Player or Workstation
• A computer with the ability to run a VM for labs with the following specs:
  • 4 GB RAM
  • 2 Core CPU
  • 60 GB of storage
• (Optional) Labs can be performed on the host laptop
  • Instructions are provided for how to accommodate this approach, with pre-requisite installations needed before the class starts