Cybersecurity Blue Team / SOC Analyst: Expert
Build detection engineering pipelines, simulate failures, harden telemetry, and run capstone response drills.
Audience
- Self-paced technical learners
- Instructor-led cohorts
- Enterprise teams preparing staff for hands-on operations
Prerequisites
- Intermediate course or equivalent production experience
- Comfort with troubleshooting and design tradeoffs
Outcomes
- Provision an isolated cybersecurity blue team / soc analyst lab from template metadata.
- Use snapshots, rollback, validation checks, and teardown safely.
- Explain how Wazuh, Linux, Windows fit into an enterprise training environment.
- Produce evidence that an instructor or admin can review.
Modules and labs
Each module maps to provisioned lab work, validation evidence, reset/rollback policy, and instructor visibility.
SIEM/logging node
definedUbuntu 24.04 LTS plus Wazuh stack
Kali/security workstation
definedKali Linux official VM image or Ubuntu security workstation build
TODO: Publish only for safe internal blue-team exercises; keep intentionally vulnerable targets isolated.
Windows Server 2022 base
definedWindows Server 2022 evaluation or licensed ISO
TODO: Build golden image from valid Microsoft evaluation or customer-licensed media.
Ubuntu Server 24.04
availableUbuntu 24.04 LTS cloud image
SIEM receiving logs
A generated test event appears in the tenant security index.
Firewall rules active
Allowed path works and denied east-west path is blocked.
VM reachable
The VM reports boot complete and responds through the tenant bastion path.