Intermediate | 2 days / 10 to 14 guided hours | published
Cybersecurity Blue Team / SOC Analyst: Intermediate
Investigate multi-host incidents, tune detections, and produce incident reports.
Audience
- Self-paced technical learners
- Instructor-led cohorts
- Enterprise teams preparing staff for hands-on operations
Prerequisites
- Beginner course or equivalent experience
- Comfort with command-line or admin consoles
Outcomes
- Provision an isolated Cybersecurity Blue Team / SOC Analyst lab from template metadata.
- Use snapshots, rollback, validation checks, and teardown safely.
- Explain how Wazuh, Linux, and Windows fit into an enterprise training environment.
- Produce evidence that an instructor or admin can review.
Course plan
Modules and labs
Each module maps to provisioned lab work, validation evidence, reset/rollback policy, and instructor visibility.
Required templates
SIEM/logging node
defined: Ubuntu 24.04 LTS plus Wazuh stack
Kali/security workstation
defined: Kali Linux official VM image or Ubuntu security workstation build
TODO: Publish only for safe internal blue-team exercises; keep intentionally vulnerable targets isolated.
Windows Server 2022 base
defined: Windows Server 2022 evaluation or licensed ISO
TODO: Build golden image from valid Microsoft evaluation or customer-licensed media.
Ubuntu Server 24.04
available: Ubuntu 24.04 LTS cloud image
Validation checks
SIEM receiving logs
A generated test event appears in the tenant security index.
Firewall rules active
Allowed path works and denied east-west path is blocked.
VM reachable
The VM reports boot complete and responds through the tenant bastion path.