Lab category

SOC Analyst Labs

Alert triage, log analysis, SIEM workflows, and incident investigation

Practice real SOC workflows such as alert triage, log analysis, incident investigation, suspicious login detection, brute-force analysis, phishing investigation, and SIEM alert review.

Browse full catalog All categories

Category snapshot

—

Hands-on labs in this category

Best for: SOC analysts, blue team learners, incident response beginners

…

Hands-on labs

Example scenarios

Learning paths

How it works

Read → practice → document

Every lab follows guided steps so you build real skills with evidence you can reference later.

Review the scenario

Understand the environment, goals, and safety constraints.

Complete guided steps

Follow hands-on tasks with checkpoints along the way.

Capture findings

Document results for interviews, audits, or portfolio work.

Example labs in this category

Investigate Suspicious SSH Login Attempts
Detect Brute-Force Activity from Logs
Analyze Windows Failed Login Events
Review Wazuh Security Alerts
Investigate Malware Alert Scenario
Create an Incident Triage Report
Map Alerts to MITRE ATT&CK Techniques

Catalog

Labs in soc analyst labs

Hands-on exercises focused on this security domain.

Outcomes

What you'll practice

Practice SOC analyst workflows from alert to documented findings
Investigate suspicious logins, brute force, and phishing scenarios
Map alerts to MITRE ATT&CK and build triage muscle memory
Prepare for SOC interviews and blue-team career tracks

Go deeper

Related learning paths

SOC tutorialsLogs, alerts, and IR workflows SOC analyst pathCareer-focused lab sequence SOC team labsFull category catalog

Explore other lab categories

Jump between fundamentals, Linux hardening, SOC, cloud, compliance, and more.

Cybersecurity Fundamentals Labs

CIA triad, threats, authentication, and defensive thinking — hands-on

View category

Linux Security Labs

SSH hardening, permissions, auditd, firewalls, and compliance checks

View category

Web Security Labs

OWASP Top 10, XSS, SQL injection, access control, and secure headers

View category

Ethical Hacking Labs

Recon, enumeration, vulnerability analysis, and responsible reporting

View category

Network Security Labs

Firewalls, VPNs, DNS, packet analysis, and secure network design

View category

Cloud Security Labs

IAM, storage exposure, security groups, logging, and misconfigurations

View category

DevSecOps Labs

CI/CD security, secrets scanning, containers, and pipeline hardening

View category

Compliance & Audit Labs

SOC 2, ISO 27001, CIS controls, and audit-ready evidence

View category

Incident Response Labs

Detection, containment, investigation, evidence, and recovery

View category

Threat Hunting Labs

Hypothesis-driven hunting, anomalies, IOCs, and proactive detection

View category

Active Directory & Identity Security Labs

AD hardening, Kerberos, privileged access, and IAM misconfigurations

View category