SOC Analyst Level 1

Get job-ready for your first Security Operations Center role. Learn how to detect, triage, and respond to security incidents using industry-standard tools and frameworks.

📚 4 topic areas🔗 12 curated resources📝 10 quiz questions

What you'll cover

The Threat Landscape

Understand the types of attackers, their motivations, and the most common attack vectors targeting organizations today.

🔗

MITRE ATT&CK Framework

The definitive knowledge base of adversary tactics and techniques

🔗

OWASP Top 10

The 10 most critical web application security risks

🔗

Verizon DBIR (Data Breach Investigations Report)

Annual real-world breach data and threat trends

SIEM & SOAR

Master the tools that power every SOC: Security Information and Event Management systems and Security Orchestration platforms.

📄

SIEM vs SOAR: What's the Difference?

Clear breakdown of SIEM and SOAR — when to use each

🔗

Microsoft Sentinel Documentation

Cloud-native SIEM on Azure

🔗

Splunk Free Training

Splunk Fundamentals 1 — free official course

Incident Response

Learn the 6-phase IR lifecycle: preparation, identification, containment, eradication, recovery, and lessons learned.

🔗

NIST Incident Response Guide (SP 800-61)

The authoritative guide to computer security incident handling

🔗

SANS Incident Response Process

SANS practical guide to IR process

📄

Microsoft Security Copilot for Incident Response

How AI accelerates incident triage and response

Log Analysis & Threat Hunting

Learn to read Windows Event Logs, Linux syslogs, and network flow data to find attacker activity.

🔗

Windows Event Log IDs Cheat Sheet

Searchable encyclopedia of Windows security event IDs

🔗

TryHackMe — SOC Level 1 Path (free tier)

Hands-on labs for SOC fundamentals

🔗

SANS Log Management Guide

Best practices for log collection and analysis

Knowledge Check

Path Summary

Level: Beginner
Estimated time: 10 hours
Topics: 4
Resources: 12
Quiz questions: 10
Passing score: 70% (7/10)

Take the Quiz

Browse all paths

View all 10 paths →