Now Enrolling — CyberBlueSOC Fundamentals

From Zero to Battle-Ready SOC Analyst

15+ real enterprise tools. 40+ hands-on labs. YARA. Sigma. Incident Response. Not simulations. Not slides. Real SOC work.

Built on CyberBlueSOC — an open-source platform with Wazuh, Suricata, MISP, Velociraptor, TheHive, Cortex, Shuffle, and more. One install. Everything included.

10+ Modules
40+ Hands-On Labs
60+ Hours of Content
15+ Real Tools

The Problem: 3.5M unfilled cybersecurity jobs worldwide
The Barrier: $8,000+ typical SANS course cost
Our Answer: $29/mo. Same quality. Real tools. Hands-on.

Tools You’ll Master

Every tool is pre-installed in CyberBlueSOC. One install. Nothing extra to configure.

SIEM: 12+ hours

Wazuh

Log management, alert generation, compliance monitoring

NIDS: 6+ hours

Suricata + EveBox

Network intrusion detection, alert management, traffic analysis

Threat Intel: 6+ hours

MISP + ATT&CK

IOC management, threat feeds, technique mapping

EDR: 6+ hours

Velociraptor

Endpoint investigation, artifact collection, VQL hunting

Malware Detection: 6+ hours

YARA

Rule-based malware detection, 523+ community rules included

Detection Engineering: 6+ hours

Sigma

Universal detection rules, 3,047+ rules, SIEM conversion

Incident Response: 6+ hours

TheHive + Cortex

Case management, automated analysis, observable enrichment

Automation: 4+ hours

Shuffle (SOAR)

Playbook automation, tool integration, workflow orchestration

Utilities: Throughout

CyberChef

Decoding, deobfuscation, data transformation

Full Syllabus

10 modules. 40+ hands-on labs. From SOC fundamentals through YARA, Sigma, incident response, and automation.

FINAL MISSION

Operation Shadow Breach

Everything you’ve learned. One full-scale incident. All tools. No hints. You’re the analyst. Your SOC receives alerts at 02:00 AM…

1. Detection

Review the alert queue. Identify 5 real alerts among 30+ events. Triage and prioritize.

Tools: Wazuh, EveBox

2. Investigation

Pivot from alerts: who is the user? what host? what process? what IP? Build the timeline.

Tools: Wazuh, Velociraptor

3. Threat Intel

Look up every IOC. What campaign? What malware family? What else should you look for?

Tools: MISP, ATT&CK Navigator

4. Hunt

Write a YARA rule for the malware. Write a Sigma rule for the technique. Deploy both. Scan for more victims.

Tools: YARA, Sigma, Velociraptor, Wazuh

5. Respond

Create the case. Document everything. Make containment recommendations. Write the incident report.

Tools: TheHive, Cortex

6. Automate

Build one Shuffle playbook that would have caught this faster next time.

Tools: Shuffle

8 Deliverables Required to Pass

1. Triage worksheet (30 alerts classified)
2. Investigation timeline (minute-by-minute)
3. Threat intel brief (campaign + IOCs + ATT&CK map)
4. Custom YARA rule (tested, zero false positives)
5. Custom Sigma rule (converted, deployed to Wazuh)
6. TheHive case (complete with observables & tasks)
7. Incident report (executive + technical)
8. Shuffle playbook (working automation)

CyberBlueSOC Certified Analyst

CBSCA

Prove your skills with a practical exam. Not multiple choice guessing — a real incident to investigate.

Part 1: Knowledge (60 min)

  • 40 multiple-choice questions
  • SOC fundamentals, triage methodology, threat intel
  • YARA rule concepts & syntax
  • Sigma detection concepts & conversion
  • IR lifecycle & case management

Part 2: Practical Lab (180 min)

  • Multi-stage attack investigation scenario
  • Triage alerts in Wazuh and EveBox
  • Investigate endpoint with Velociraptor
  • Write 1 YARA rule + 1 Sigma rule
  • Create TheHive case + incident report

Passing Score: 80%
Total Exam Time: 4 Hours
$49 • 3 attempts included • Free with Learner/Pro

Simple, Transparent Pricing

Start free. Upgrade when you’re ready for the full experience. Cancel anytime.

Free

$0 forever

Get started with core materials and self-hosted labs

  • Learning materials & written content
  • Self-hosted labs (CyberBlueSOC)
  • Community Discord access
  • Module 1 full access
  • Progress tracking
  • Quizzes & assessments
  • Certification exam
  • Lab guides for Modules 2-10
Most Popular

Learner

$29/month

Full access to all content, labs, quizzes, and certification

  • All 10 modules + Final Mission
  • 40+ lab guides with screenshots
  • All quizzes & assessments
  • Progress tracking & dashboard
  • CBSCA certification exam (3 attempts)
  • Completion badges
  • Priority Discord support

Pro

$99/month

Everything in Learner plus career support and mentorship

  • Everything in Learner
  • 2x monthly mentorship calls
  • Resume & LinkedIn review
  • Interview preparation
  • Job board access
  • Early access to new content
  • Future: cloud-hosted labs

Universities & teams: custom pricing from $5K/year. Contact us