Course Content
Module 1: Log Fundamentals & the Linux Logging Stack (journald, rsyslog, /var/log)
5 lessons
- 1. Navigate /var/log and Identify Critical SOC Log Files (28 min)
- 2. Query System Logs with journalctl Filters, Priorities, and Time Ranges (28 min)
- 3. Decode Log Anatomy: Timestamps, Facilities, Severities, and PIDs (28 min)
- 4. Configure rsyslog to Forward Logs to a Central Collector (30 min)
- 5. Integrate the Logging Stack: Build a Triage Cheat Sheet (32 min)

Module 2: Wireshark: Capturing and Analyzing Network Traffic for Threats
5 lessons
- 1. Capture Live Traffic and Apply BPF Capture Filters in Wireshark (28 min)
- 2. Dissect TCP Handshakes and Spot Port Scans with Display Filters (28 min)
- 3. Analyze DNS and HTTP Traffic to Detect Exfiltration and C2 Beaconing (30 min)
- 4. Follow TCP Streams and Extract IOCs from TLS Handshakes (30 min)
- 5. Build an IOC Report from a Breach PCAP File (32 min)

Module 3: Splunk: Ingesting Logs and Hunting Threats with SPL
4 lessons

Module 4: Alert Triage and Investigation Workflow
4 lessons

Module 5