Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Practical Security Investigation with Splunk, Wazuh, Osquery
Rating: 4.6 out of 5(48 ratings)
458 students

Practical Security Investigation with Splunk, Wazuh, Osquery

Master SOC fundamentals, incident response, log analysis, and threat detection with Splunk, Wazuh and OSquery labs,
Last updated 9/2025
English

What you'll learn

  • Fundamentals of SOC and Role of an SOC analyst
  • Fundamentals of SIEM
  • Hands-on with Splunk and conduct security investigation
  • How to use Wazuh for alerts and vulnerability detection
  • How to hunt endpoints with Osquery for deep forensics

Course content

7 sections43 lectures3h 55m total length
  • What is a SOC9:05
  • Role of a SOC Analyst5:48

    Drive security operations across level one to level three in a SOC, triaging alerts, conducting incident response and malware analysis, and proactively hunting threats with Splunk, SIEM, and EDR.

  • Overview of SOC Tools and Technologies7:32

    Explore SoC tools from sim to edr, threat intel, incident response tools, and itsm, showing how logs from firewalls and endpoints are analyzed, correlated, and turned into alerts and incidents.

  • Understanding SIEM7:17

    Understand how a security information and event management tool collects, normalizes, and analyzes logs from devices and servers to detect threats, support investigation, and enable real-time response.

Requirements

  • Basics of Computers
  • Basic knowledge IT Network Protocols

Description

Welcome to the SOC Analyst Masterclass: Security Investigation with Splunk, Wazuh, and Osquery!

This course is designed to give you the skills and confidence to investigate, detect, and respond to real-world security incidents using leading open-source and enterprise SOC tools. Whether you’re starting your SOC career or looking to enhance your security investigation skills, this hands-on, step-by-step program will guide you through the complete process of setting up a virtual SOC lab, understanding different log types, and mastering investigation techniques.

This is a practical, Learn-by-Doing course — you’ll not only understand the theory but also build your own SOC lab, work with real logs, and replicate real-world investigation scenarios. You’ll get detailed demonstrations, guided exercises, and ready-to-use commands for Splunk, Wazuh, and Osquery so you can follow along at your own pace.

In this course, you will cover:

  • SOC & SIEM Fundamentals: Understand SOC roles, functions, tools, and processes. Learn core SIEM concepts and how they fit into security monitoring.

  • Log Types & Data Sources: Explore Windows (Event Logs, Sysmon), Linux (Syslog, Auth), and network logs (Firewall, DNS, HTTP) to understand their value in threat detection.

  • Lab Setup & Tools Installation: Build your own SOC lab from scratch, including Splunk, Wazuh Manager, Kali Linux, and supporting infrastructure using VMware or VirtualBox.

  • Security Investigations with Splunk: Perform hands-on analysis with SPL commands to investigate brute force attacks, DNS beaconing, suspicious file transfers, compromised accounts, and unauthorized cloud access.

  • Threat Detection with Wazuh: Investigate file modifications, brute force activity, vulnerabilities, and learn how Wazuh rules trigger alerts.

  • Endpoint Forensics with Osquery: Run live queries to collect endpoint data, investigate anomalies, and support incident response efforts.

By the end of this course, you will have the ability to:

  • Confidently investigate security incidents using Splunk, Wazuh, and Osquery

  • Understand how to analyze logs from multiple sources for accurate threat detection

  • Build and manage your own virtual SOC lab for continuous practice

  • Apply your skills to real-world SOC scenarios and improve your incident response capabilities

Who this course is for:

  • Aspiring SOC analysts, blue team members, and cybersecurity enthusiasts

  • IT professionals looking to transition into security operations

  • Anyone who wants practical, hands-on SOC investigation experience with industry tools

Get ready to take your security investigation skills to the next level — I’ll see you in the course!

Who this course is for:

  • IT or Network Engineer
  • Freshers
  • SOC analyst
  • Network Security Engineer
  • System Administrator