Skip to content

Foundations of SecOps

Home

Foundations of SecOps¶

Lab guides for Foundations of Security Operations

Getting Started¶

LAB 0.0: How to Navigate the Labs (Required)
LAB 0.1: Test Subject (Required)
LAB 0.2: Atomic Red Team & Sysmon (Optional)
LAB 0.3: CloudLabs Setup (Required)

Module 1: Ticketing¶

LAB 1.1: Jira Setup (~15 min, Required)
LAB 1.2: Default Jira Ticket Settings (~45 min, Required)
LAB 1.3: Ticket SLA, On-Call, and Notifications (~30 min, Optional)

Module 2: SIEM¶

LAB 2.1: Elastic Setup (~15 min, Required)
LAB 2.2: Fleet and Elastic Agent enrollment (~45 min, Required)
LAB 2.3: Baby's First Query (~30 min, Required)

Module 3: Detection Engineering¶

LAB 3.1: Baby's First Detection (KQL) (~45 min, Required)
LAB 3.2: Testing Detections with Atomic Red Team (~15 min, Required)
LAB 3.3: Baby's Second Detection (EQL) (~45 min, Required)
LAB 3.4: Tuning Detections in Elastic (~15 min, Optional)

Module 4: Investigations¶

LAB 4.1: Alert Investigations (~30 min, Required)
LAB 4.2: Timeline Investigations (~30 min, Optional)
LAB 4.3: Investigation Dashboards (~30 min, Optional)
LAB 4.4: Capstone (~60 min, Required)

Bonus¶

LAB 5.1: (Bonus) Detection Engineering Capstone

Copyright Noct Information Security, LLC. All Rights Reserved.