SOC Level 2

Price
$1,999.00 USD

Duration
3 Days


Delivery Methods
Virtual Instructor Led
Private Group

Course Overview

Security Operations (SOC) 201 is an advanced course designed to elevate your ability to detect, investigate, and respond to complex cyber threats at scale. Building on the foundational skills from SOC 101, this course focuses on developing an effective investigative methodology and mastering the responsibilities of an Incident Responder or Threat Hunter.

Through hands-on labs and realistic scenarios, you’ll investigate sophisticated threats across enterprise environments, applying advanced techniques aligned with the MITRE ATT&CK framework. The curriculum emphasizes proactive threat hunting as part of a continuous detection and response cycle, helping analysts identify active threats, uncover security gaps, and improve future investigations.

By the end of the course, you'll be equipped with the mindset, tools, and methodologies needed to confidently investigate incidents, trace root causes, and respond effectively to advanced adversaries.

This course includes an exam voucher for TCM Security’s Practical SOC Analyst Professional (PSAP) certification, launching September 2025. Each exam voucher includes 1 exam attempt and is valid for 12 months from the course completion date or the certification release date.

What Is Included

  • 3 Days (24 Hours) of Live Instruction
  • Exam Voucher
    • Practical SOC Analyst Professional (PSAP) Exam Certification Voucher (Launching September 2025) – Intermediate
    • 1 exam attempt included
    • NO multiple-choice; NO capture the flag
    • 2 days to complete assessment
    • 2 days to complete report
  • 25+ Hours of On-Demand Training (6 months access)
  • SOC Level 2: 10+ Online Labs w/ Access Post-Training (50 hours access)
  • Private Discord Cohort and Instructor Access

Course Objectives

  • Develop a robust and reliable investigator's mindset to approach incidents methodically
  • Learn industry-standard methodologies and tools for detecting, hunting, and responding to cyber threats across enterprise environments
  • Gain experience performing incident response and threat hunting at scale
  • Learn to investigate and identify advanced adversary tactics following the MITRE ATT&CK framework, including execution artifacts, lateral movement, credential theft, living off the land techniques, persistence, defense evasion, command and control, and many more
  • Learn to perform attack timeline analysis and guide effective incident response and remediation efforts
  • Investigate the root cause of security incidents by uncovering the entry point

Who Should Attend?

SOC 201 is designed for individuals seeking to advance their defensive security skills beyond foundational knowledge. Ideal candidates include those already familiar with core SOC concepts who are ready to develop expertise in investigating and responding to sophisticated cyber threats. This course is suited for Tier 2 Security/SOC Analysts, Tier 3 Security/SOC Analysts, Incident Responders, Threat Hunters, and Digital Forensic Examiners.

  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to-date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Learning Credits: Learning Credits can be purchased well in advance of your training date to avoid having to commit to specific courses or dates. Learning Credits allow you to secure your training budget for an entire year while eliminating the administrative headache of paying for individual classes. They can also be redeemed for a full year from the date of purchase. If you have previously purchased a Learning Credit agreement with New Horizons, you may use a portion of your agreement to pay for this class.

If you have questions about Learning Credits, please contact your Account Manager.

Course Prerequisites

This course relies heavily on working with IR investigations and forensic artifacts, but does not cover learning basic analysis tools. It is strongly recommended to have taken or be familiar with the Security Operations (SOC) 101 material and its prerequisites, which include experience with:

  • Networking Fundamentals: Practical Help Desk (PHD) or equivalent
  • Operating System Fundamentals: Practical Help Desk (PHD) or equivalent
  • Security Operations Fundamentals
  • Network Traffic Analysis
  • Endpoint Security Monitoring
  • Log Analysis and Management
  • Security Information and Event Management (SIEM)
  • Basic Digital Forensics Exposure

Agenda

Day 1:

  • Understanding the modern adversary
  • Introduction to incident response
  • Incident decision making
  • Introduction to threat hunting
  • Threat hunting teams, data sources, and maturity models
  • Cyber threat intelligence
  • Exploring the MITRE ATT&CK Navigator
  • Structured and unstructured threat hunting
  • Data transformation techniques
  • Data transformation in the command-line, PowerShell, and Splunk
  • Searching, aggregations, statistics, and visualizations

Day 2:

  • Understanding and categorizing anomalies
  • Masquerading
  • Ambiguous identifiers
  • Frequency and volume anomalies
  • Temporal anomalies
  • Location and environmental anomalies
  • Structure and format anomalies
  • Absence and suppression anomalies
  • Entropy analysis
  • Dissecting threat reports
  • Threat hunting lab
  • Tracing an attack chain
  • Hunting execution
  • Hunting malicious process trees
  • Hunting persistence
  • Hunting defense evasion
  • Hunting command and control
  • Hunting lateral movement

Day 3:

  • Collection at scale
  • Collection with WMI
  • PowerShell 101
  • PowerShell remoting
  • Remote collection frameworks
  • Triage artifact collection with KAPE
  • Incident response with Velociraptor
  • Windows memory structures
  • The Volatility framework
  • Process analysis
  • Command line analysis
  • Network analysis
  • Registry analysis

Upcoming Class Dates and Times

Oct 27-29
9:00 AM - 5:00 PM
ENROLL $1,999.00 USD
Dec 8-10
9:00 AM - 5:00 PM
ENROLL $1,999.00 USD
CourseID: 3606113E
Do You Have Additional Questions? Please Contact Us Below.

Contact Us about Starting Your Business Training Strategy with New Horizons