Now Enrolling

SOC Analyst โ€” Intermediate

Blue Ascent: Tier-2 Enterprise Investigations & Detection Engineering

15
Units
63
Labs
54
Concepts
๐ŸŽ“ Enroll once — get full access to all CyberAI courses
CSOC-I Earn the CyberAI Certified SOC Analyst โ€” Intermediate certification
๐Ÿ›ก๏ธ
Course Highlights
What You'll Master
โœ“ Tier-2 SIEM Investigations
โœ“ Detection Engineering (Sigma/YARA)
โœ“ ATT&CK-Driven Threat Hunting
โœ“ DFIR & Cloud SOC
Starting at $70 $50/mo

Built by a Panel of Industry Experts

Every lab and lesson was designed and reviewed by practitioners across multiple security domains.

๐ŸŽฏ Incident Response Leadership ๐Ÿ“ก SOC Operations โ˜๏ธ Cloud Security ๐Ÿ” Threat Intelligence ๐Ÿ•ต๏ธ Digital Forensics โš–๏ธ Risk & Governance ๐Ÿ’ผ Executive Communication ๐Ÿ“‹ Compliance & Policy
๐ŸŒ

Real-world Scenarios

๐Ÿงช

Hands-on Labs

๐Ÿข

Enterprise-ready Skills

๐Ÿง 

Practical Decision-making

๐ŸŽฏ Our Learning Approach

Problem-Based Learning

Learn by doing, not just reading. Our scenarios place you in the hot seat.

โšก

Challenge

Face realistic incident scenarios with incomplete information and time pressure

โ†’
๐Ÿ’ฅ

Fail

Make mistakes in a safe environment and see the consequences unfold

โ†’
๐Ÿ’ก

Learn

Understand why your approach failed and discover the underlying principles

โ†’
โœ…

Solve

Apply your new knowledge to resolve the scenario correctly

Course Syllabus

Your Learning Journey

15 comprehensive units with 34 sections, each packed with hands-on labs and in-depth course content to build job-ready SOC analyst skills.

๐ŸŽ‰ CSOC-I Certification Available!

You've completed enough content to earn your CSOC-I (CyberAI Certified SOC Analyst โ€” Intermediate) certification.

Unit 1: Tier-2 Foundations โ€” Enterprise Telemetry, Normalization, ATT&CK Deep & D3FEND

Tier-2 Foundations โ€” Enterprise Telemetry, Normalization, ATT&CK Deep & D3FEND โ€” Blue Ascent.

1.1 From Tier-1 Triage to Tier-2 Investigation

๐Ÿงช Labs

๐Ÿ“– Course Content

1.2 Enterprise Telemetry & Normalization

๐Ÿงช Labs

๐Ÿ“– Course Content

1.3 ATT&CK Deep, D3FEND & Coverage

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 2: SIEM Investigations I โ€” Microsoft Sentinel & KQL Hunting

SIEM Investigations I โ€” Microsoft Sentinel & KQL Hunting โ€” Blue Ascent.

2.1 Sentinel Incidents & KQL Foundations for Investigation

๐Ÿงช Labs

๐Ÿ“– Course Content

2.2 KQL Hunting & Entity Investigation

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 3: SIEM Investigations II โ€” Splunk ES, SPL, CIM & Risk-Based Alerting

SIEM Investigations II โ€” Splunk ES, SPL, CIM & Risk-Based Alerting โ€” Blue Ascent.

3.1 SPL for Investigations & the CIM

๐Ÿงช Labs

๐Ÿ“– Course Content

3.2 Enterprise Security Notables & Risk-Based Alerting

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 4: SIEM Investigations III โ€” Elastic Security (EQL) & IBM QRadar

SIEM Investigations III โ€” Elastic Security (EQL) & IBM QRadar โ€” Blue Ascent.

4.1 Elastic Security

๐Ÿงช Labs

๐Ÿ“– Course Content

4.2 IBM QRadar

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 5: EDR/XDR Investigations & Containment

EDR/XDR Investigations & Containment โ€” Blue Ascent.

5.1 The EDR Investigation Workflow

๐Ÿงช Labs

๐Ÿ“– Course Content

5.2 Response, Containment & Cross-Domain Correlation

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 6: Deep Windows Event, Sysmon & PowerShell Analysis

Deep Windows Event, Sysmon & PowerShell Analysis โ€” Blue Ascent.

6.1 Process & Execution Reconstruction

๐Ÿงช Labs

๐Ÿ“– Course Content

6.2 Logon, Session & PowerShell Analysis

๐Ÿงช Labs

๐Ÿ“– Course Content

6.3 Persistence & Host Timeline

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 7: Deep Linux Logging & Investigations (auditd/journald)

Deep Linux Logging & Investigations (auditd/journald) โ€” Blue Ascent.

7.1 Linux Auth, Journald & Command Recovery

๐Ÿงช Labs

๐Ÿ“– Course Content

7.2 auditd & Linux Persistence

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 8: Detection Engineering โ€” Sigma, YARA & Detection Tuning

Detection Engineering โ€” Sigma, YARA & Detection Tuning โ€” Blue Ascent.

8.1 Detection-as-Code with Sigma

๐Ÿงช Labs

๐Ÿ“– Course Content

8.2 Behavioral & Malware Detection

๐Ÿงช Labs

๐Ÿ“– Course Content

8.3 Tuning & False-Positive Reduction

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 9: Active Directory & Authentication Investigations

Active Directory & Authentication Investigations โ€” Blue Ascent.

9.1 AD & Kerberos Investigations

๐Ÿงช Labs

๐Ÿ“– Course Content

9.2 Cloud Identity & Authentication

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 10: Lateral Movement & Persistence Detection

Lateral Movement & Persistence Detection โ€” Blue Ascent.

10.1 Lateral Movement Detection

๐Ÿงช Labs

๐Ÿ“– Course Content

10.2 Persistence Detection & Movement Graph

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 11: Email, Network & Intermediate Malware Investigations

Email, Network & Intermediate Malware Investigations โ€” Blue Ascent.

11.1 Email Investigations (Deep)

๐Ÿงช Labs

๐Ÿ“– Course Content

11.2 Network & Web Investigations

๐Ÿงช Labs

๐Ÿ“– Course Content

11.3 Intermediate Malware Triage

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 12: Threat Intelligence Integration & ATT&CK-Driven Hunting

Threat Intelligence Integration & ATT&CK-Driven Hunting โ€” Blue Ascent.

12.1 Operationalizing Intelligence

๐Ÿงช Labs

๐Ÿ“– Course Content

12.2 Intel-Driven & TTP Hunting

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 13: DFIR Workflows โ€” Triage Collection, Artifacts, Memory & Timelining

DFIR Workflows โ€” Triage Collection, Artifacts, Memory & Timelining โ€” Blue Ascent.

13.1 Triage Collection & Windows Artifacts

๐Ÿงช Labs

๐Ÿ“– Course Content

13.2 Memory Triage & Timelining

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 14: Cloud SOC Fundamentals + Case Management, Alert Prioritization & Detection Quality

Cloud SOC Fundamentals + Case Management, Alert Prioritization & Detection Quality โ€” Blue Ascent.

14.1 Cloud SOC Investigations & IR

๐Ÿงช Labs

๐Ÿ“– Course Content

14.2 Case Management, Prioritization & Detection Quality

๐Ÿงช Labs

๐Ÿ“– Course Content

Unit 15: Capstone โ€” Operation Cobalt Ledger โ€” End-to-End Enterprise Intrusion at Nimbus Financial

Capstone โ€” Operation Cobalt Ledger โ€” End-to-End Enterprise Intrusion at Nimbus Financial โ€” Blue Ascent.

15.1 The Brief

๐Ÿงช Labs

๐Ÿ“– Course Content

15.2 The Investigation

๐Ÿงช Labs

๐Ÿ“– Course Content

AI-Powered Learning

Your Personal SOC AI Assistant

Enrolled students get access to an AI tutor trained on all course material. Ask questions about SOC analysis, get explanations, and deepen your understanding โ€” anytime.

Trained on all 15 units, 34 sections
10 AI interactions per day
Contextual follow-up conversations
Available 24/7 while enrolled
What's the difference between containment and eradication?
Containment focuses on limiting the spread of an incident (e.g., network segmentation, account lockdown), while eradication involves removing the root cause entirely...

Ready to Reach Tier-2 SOC Analyst?

Join thousands of security professionals advancing their blue-team careers.

๐Ÿ’ฐ
๐ŸŒŸ Referral Partner Program

Earn Lifetime Rewards by Referring Cybersecurity Professionals

Share CyberAI Education with your network and earn 30% commission on every referral โ€” for life. Your referral chain grows your passive income with each new enrollment.

๐Ÿ’Ž Join the Partner Program Learn How It Works โ†’
Processing...