SOC & Security Operations Language
5 exercise sets — develop the English vocabulary for day-to-day SOC analyst work: SIEM log analysis and detection rules, structured alert triage and escalation, hypothesis-based threat hunting with MITRE ATT&CK, threat intelligence sharing, and SOAR playbook automation vocabulary.
SIEM Vocabulary
SIEM architecture, detection vs correlation rules, true/false positive classification, log source onboarding, and UEBA behaviour analytics.
Alert Triage
Alert triage process, alert enrichment with context, severity classification language, dismissing false positives, and SOC case documentation.
Threat Hunting
Hypothesis-driven hunting, IOC vs IOA distinctions, TTP-based hunting with MITRE ATT&CK, hunting data techniques, and hunt report writing.
Threat Intelligence
Threat feed types, threat actor profiling, STIX/TAXII exchange standards, indicator lifecycle management, and actionable intelligence language.
SOAR & Playbooks
SOAR vs SIEM distinctions, playbook structure (trigger/condition/action), connector vocabulary, playbook metrics, and playbook lifecycle communication.