Thank you for taking my workshop!

This is content I truly care about and feel should be more accessible to new players in the industry, so thank you for helping support that goal.

If you have feedback or comments about the course, or questions about anything within it, please feel free to reach out to me directly.

If you want to see more of my content (webcasts, blogs, workshops, etc.) in the future, follow me on either of those social sites where I’ll try to remember that self-promotion isn’t evil!

Want to learn more?

If you enjoyed this workshop, I have a full-length course that this content is adapted from. While this workshop is designed to be completed in 4 hours, the full 16-hour course offers more detailed learnings on Detection Engineering, as well as covering things like EQL detections, alert investigations, Elastic dashboards, how to work in and on a ticketing system, and all the other skills required to be a SOC analyst. See the more complete list of key takeaways below.

The course can be found here: https://www.antisyphontraining.com/product/foundations-of-security-operations-with-hayden-covington/

Available in person, and on-demand!

The key takeaways of the full course are:

  • Foundations of a SOC
  • SOC Tools and Operations
  • Ticketing System Offerings
  • Jira and Opsgenie configurations
  • What SOC life is like, both the good and the bad
  • Security Information and Event Management (SIEM) Offerings
  • How to Navigate and Use Elasticsearch and Elastic SIEM
  • Elasticsearch Query Languages
  • How to Write a good Query
  • Detection Engineering and Tuning
  • Detection Tuning Risk Management
  • Mapping Your Detections to MITRE ATT&CK
  • Testing Detections with Atomic Red Team (ART)
  • SOC Investigation Fundamentals
  • How to Investigate a SOC Ticket When You’re Stuck
  • How to Write a Good SOC Ticket
  • How to Investigate Common Event Modules
  • How to use Elastic Timelines, Cases, and Dashboards for Your Investigations
  • Investigating Multi-Stage Attacks
  • Open-Source Detections
  • How to Improve Your SOC After the Course
  • How to Apply the Course Learnings to Your Career