SOC Level 2

Description

Duration: 3 days

Security Operations (SOC) 201 is an advanced course that builds on SOC 101 fundamentals, focusing on detection, investigation, and response to complex threats across enterprise environments. The course emphasizes developing a structured investigative methodology and prepares students for roles such as Incident Responder or Threat Hunter. Students work through hands-on labs and realistic scenarios using techniques mapped to the MITRE ATT&CK framework. Upon completion, students will have the skills and methodologies needed to investigate incidents, identify root causes, and respond to advanced adversaries.

Target Audience

  • Tier 2 Security/SOC Analysts
  • Tier 3 Security/SOC Analysts
  • Incident Responders
  • Threat Hunters
  • Digital Forensic Examiners

Prerequisites

  • Networking Fundamentals: Practical Help Desk (PHD) or equivalent
  • Operating System Fundamentals: Practical Help Desk (PHD) or equivalent
  • Security Operations Fundamentals
  • Network Traffic Analysis
  • Endpoint Security Monitoring
  • Log Analysis and Management
  • Security Information and Event Management (SIEM)
  • Basic Digital Forensics Exposure

What’s included?

  • Authorized Courseware
  • Intensive hands-on skills development with an experienced subject matter expert
  • Hands-on practice on real servers and extended lab support (1.800.482.3172)
  • Examination vouchers and onsite certification testing (excluding Adobe and PMP Boot Camps)
  • Academy Code of Honor: Test Pass Guarantee
  • Optional: Package for Hotel Accommodations, Lunch and Transportation

With several convenient training delivery methods offered, The Code Academy makes getting the training you need easy, whether you prefer to learn in a classroom, in a live online virtual classroom, through training videos hosted online, or in private group classes hosted at your site. We offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Code Academy for an engaging and effective learning experience.

Methods

  • Instructor Led (the best training format we offer)
  • Live Online Classroom – Online Instructor Led
  • Self-Paced Video

Speak to an Admissions Representative for complete details

Start         Finish
5/25/2026     5/27/2026
6/15/2026     6/17/2026
7/6/2026      7/8/2026
7/27/2026     7/29/2026
8/17/2026     8/19/2026
9/7/2026      9/9/2026
9/28/2026     9/30/2026
10/19/2026    10/21/2026
11/9/2026     11/11/2026
11/30/2026    12/2/2026
12/21/2026    12/23/2026
1/11/2027     1/13/2027
2/1/2027      2/3/2027
2/22/2027     2/24/2027
3/15/2027     3/17/2027
4/5/2027      4/7/2027
4/26/2027     4/28/2027

Learning Objectives

  • Build a structured investigator’s mindset for approaching security incidents methodically
  • Apply industry-standard tools and methodologies for detecting, hunting, and responding to threats across enterprise environments
  • Practice performing incident response and threat hunting at scale
  • Identify and investigate advanced adversary tactics using the MITRE ATT&CK framework, including execution artifacts, lateral movement, credential theft, living-off-the-land techniques, persistence, defense evasion, and command and control
  • Conduct attack timeline analysis to support incident response and remediation efforts
  • Determine the root cause and initial entry point of security incidents

Course Outline

Module Day 1: Adversary Understanding, Incident Response, and Threat Hunting Foundations

Introduces the modern adversary landscape, incident response concepts, and incident decision-making. Covers the fundamentals of threat hunting including team structures, data sources, and maturity models. Addresses cyber threat intelligence, use of the MITRE ATT&CK Navigator, structured and unstructured hunting approaches, and data transformation using the command line, PowerShell, and Splunk, including searching, aggregations, statistics, and visualizations.

Module Day 2: Anomaly Analysis and Advanced Threat Hunting

Examines how to identify and categorize anomalies, including masquerading, ambiguous identifiers, frequency and volume anomalies, temporal anomalies, location and environmental anomalies, structure and format anomalies, absence and suppression anomalies, and entropy analysis. Includes analysis of threat reports, threat hunting labs, attack chain tracing, and hands-on hunting covering execution, malicious process trees, persistence, defense evasion, command and control, and lateral movement.

Module Day 3: Large-Scale Collection, Incident Response Tools, and Memory Analysis

Covers large-scale data collection using WMI, PowerShell fundamentals, PowerShell remoting, remote collection frameworks, and triage artifact collection with KAPE. Introduces incident response workflows using Velociraptor and covers Windows memory structures, the Volatility framework, and analysis techniques for processes, command lines, network traffic, and the registry.