From Zero to Battle-Ready SOC Analyst
15+ real enterprise tools. 40+ hands-on labs. YARA. Sigma. Incident Response. Not simulations. Not slides. Real SOC work.
Built on CyberBlueSOC — an open-source platform with Wazuh, Suricata, MISP, Velociraptor, TheHive, Cortex, Shuffle, and more. One install. Everything included.
Tools You’ll Master
Every tool is pre-installed in CyberBlueSOC. One install. Nothing extra to configure.
Wazuh
Log management, alert generation, compliance monitoring
Suricata + EveBox
Network intrusion detection, alert management, traffic analysis
MISP + ATT&CK
IOC management, threat feeds, technique mapping
Velociraptor
Endpoint investigation, artifact collection, VQL hunting
YARA
Rule-based malware detection, 523+ community rules included
Sigma
Universal detection rules, 3,047+ rules, SIEM conversion
TheHive + Cortex
Case management, automated analysis, observable enrichment
Shuffle (SOAR)
Playbook automation, tool integration, workflow orchestration
CyberChef
Decoding, deobfuscation, data transformation
Full Syllabus
10 modules. 40+ hands-on labs. From SOC fundamentals through YARA, Sigma, incident response, and automation.
Operation Shadow Breach
Everything you’ve learned. One full-scale incident. All tools. No hints. You’re the analyst. Your SOC receives alerts at 02:00 AM…
Detection
Review the alert queue. Identify 5 real alerts among 30+ events. Triage and prioritize.
Wazuh, EveBox
Investigation
Pivot from alerts: who is the user? what host? what process? what IP? Build the timeline.
Wazuh, Velociraptor
Threat Intel
Look up every IOC. What campaign? What malware family? What else should you look for?
MISP, ATT&CK Navigator
Hunt
Write a YARA rule for the malware. Write a Sigma rule for the technique. Deploy both. Scan for more victims.
YARA, Sigma, Velociraptor, Wazuh
Respond
Create the case. Document everything. Make containment recommendations. Write the incident report.
TheHive, Cortex
Automate
Build one Shuffle playbook that would have caught this faster next time.
Shuffle
8 Deliverables Required to Pass
CyberBlueSOC Certified Analyst
CBSCA
Prove your skills with a practical exam. Not multiple choice guessing — a real incident to investigate.
Part 1: Knowledge (60 min)
- 40 multiple-choice questions
- SOC fundamentals, triage methodology, threat intel
- YARA rule concepts & syntax
- Sigma detection concepts & conversion
- IR lifecycle & case management
Part 2: Practical Lab (180 min)
- Multi-stage attack investigation scenario
- Triage alerts in Wazuh and EveBox
- Investigate endpoint with Velociraptor
- Write 1 YARA rule + 1 Sigma rule
- Create TheHive case + incident report
Simple, Transparent Pricing
Start free. Upgrade when you’re ready for the full experience. Cancel anytime.
Free
Get started with core materials and self-hosted labs
- Learning materials & written content
- Self-hosted labs (CyberBlueSOC)
- Community Discord access
- Module 1 full access
- Progress tracking
- Quizzes & assessments
- Certification exam
- Lab guides for Modules 2-10
Learner
Full access to all content, labs, quizzes, and certification
- All 10 modules + Final Mission
- 40+ lab guides with screenshots
- All quizzes & assessments
- Progress tracking & dashboard
- CBSCA certification exam (3 attempts)
- Completion badges
- Priority Discord support
Pro
Everything in Learner plus career support and mentorship
- Everything in Learner
- 2x monthly mentorship calls
- Resume & LinkedIn review
- Interview preparation
- Job board access
- Early access to new content
- Future: cloud-hosted labs
Universities & teams: custom pricing from $5K/year. Contact us