Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
SOC Level 2: Digital Forensics, Threat Hunting & SIEM
Rating: 4.9 out of 5(9 ratings)
73 students

SOC Level 2: Digital Forensics, Threat Hunting & SIEM

Learn DFIR, Threat Hunting, and SIEM Analysis using Splunk, Volatility, Zeek, and real-world SOC investigation scenarios
Last updated 11/2025
Arabic

What you'll learn

  • Investigate cybersecurity incidents using professional DFIR methodologies.
  • Perform memory and network forensics using tools like Volatility, Zeek, and Wireshark.
  • Correlate and analyze logs in SIEM platforms like Splunk and QRadar.
  • Apply MITRE ATT&CK techniques for threat hunting and build complete incident reports.

Course content

10 sections66 lectures48h 31m total length
  • Introduction21:19
  • Tryhackme Introduction14:45
  • Cyber Kill Chain Framework1:11:26
  • MITRE ATT&CK (TTP)1:15:42
  • MITRE ATT&CK
  • MISP (CTI)29:07
  • Tryhackme Part 1
  • Project 1 : Attack & Defend: SOC Operations in a Simulated Enterprise

Requirements

  • Basic understanding of networking, operating systems, or SOC fundamentals is recommended.
  • Access to a virtual lab or VMware/VirtualBox for hands-on exercises.

Description

Become a Professional SOC Analyst Level 2 — Master DFIR, Threat Hunting, and SIEM Operations

This course is designed to help cybersecurity professionals and students advance from SOC Tier 1 to Tier 2 level by mastering real-world investigation techniques.

You’ll start by learning Digital Forensics and Incident Response (DFIR) fundamentals — including disk imaging, memory forensics, and evidence analysis using FTK Imager, Autopsy, and Volatility 3.

Then, you’ll move into Network Forensics, where you’ll analyze packet captures with Wireshark, Zeek, Brim, and Network Miner to detect malicious activities and data exfiltration.

The course also covers Threat Hunting using the MITRE ATT&CK Framework, and you’ll practice building hypotheses, correlating logs, and identifying attacker techniques within Splunk and QRadar SIEM platforms.

Finally, you’ll complete a Capstone Project that simulates a real cyber incident — combining DFIR, Threat Intelligence, and SIEM analysis into a professional incident report.

Whether you’re a cybersecurity student, SOC analyst, or IT engineer exploring blue team operations, this course provides the hands-on skills, structured workflows, and professional mindset you need to excel in any Security Operations Center.

Tools Used: FTK Imager, Autopsy, Volatility, Wireshark, Zeek, Brim, Network Miner, Splunk, QRadar, MISP, and OpenCTI.

Join now and start your journey to becoming a CyberGuardX-trained SOC Analyst.

Who this course is for:

  • SOC Tier 1 analysts who want to advance their investigation and DFIR skills.
  • Cybersecurity students or professionals aiming to specialize in blue team and incident response.