Beginner | 1 day / 4 to 6 guided hours | published

Cybersecurity Blue Team / SOC Analyst: Beginner

Learn alert triage, log sources, event timelines, and analyst workflow fundamentals.

Audience

  • Self-paced technical learners
  • Instructor-led cohorts
  • Enterprise teams preparing staff for hands-on operations

Prerequisites

  • Basic computer literacy
  • Ability to follow browser-based lab instructions

Outcomes

  • Provision an isolated Cybersecurity Blue Team / SOC Analyst lab from template metadata.
  • Use snapshots, rollback, validation checks, and teardown safely.
  • Explain how Wazuh, Linux, and Windows fit into an enterprise training environment.
  • Produce evidence that an instructor or admin can review.

Course plan

Modules and labs

Each module maps to provisioned lab work, validation evidence, reset/rollback policy, and instructor visibility.

Module 3

Validation and reflection

Required templates

  • SIEM/logging node (status: defined): Ubuntu 24.04 LTS plus Wazuh stack
  • Kali/security workstation (status: defined): Kali Linux official VM image or Ubuntu security workstation build
    TODO: Publish only for safe internal blue-team exercises; keep intentionally vulnerable targets isolated.
  • Windows Server 2022 base (status: defined): Windows Server 2022 evaluation or licensed ISO
    TODO: Build golden image from valid Microsoft evaluation or customer-licensed media.
  • Ubuntu Server 24.04 (status: available): Ubuntu 24.04 LTS cloud image

Validation checks

  • SIEM receiving logs: a generated test event appears in the tenant security index.
  • Firewall rules active: the allowed path works and the denied east-west path is blocked.
  • VM reachable: the VM reports boot complete and responds through the tenant bastion path.