All tutorials
Tutorial category

SOC & Blue Team tutorials

Operate in the SOC: logs, alerts, and response

Build blue-team skills with SIEM fundamentals, alert triage, log analysis, and incident response workflows using tools like Wazuh, Splunk, and ELK.

Start featured tutorialBrowse full catalog

Featured in this category

Best place to start

SOC Analyst Foundation: Logs, Alerts and Incident Response

Core SOC workflows with labs, alert scenarios, and IR playbooks.

Beginner – Intermediate10–12 hours
Open tutorial

2

Curated tutorials

In catalog

6

Topic areas

How it works

Learn → practice → test → apply

Every tutorial in this category follows the same practical structure so you build real skills, not just theory.

1

Read & understand

Concepts with examples and diagrams

2

Practice

Labs, commands, and scenarios

3

Test yourself

Quizzes and assignments

4

Apply on the job

Checklists and real-world workflows

Start here

Curated tutorials in this category

Hand-picked programs to begin with — each includes chapters, practice, and assessments where available.

Featured

SOC Analyst Foundation: Logs, Alerts and Incident Response

Core SOC workflows with labs, alert scenarios, and IR playbooks.

Beginner – Intermediate10–12 hours

Includes: SOC labs · Checklists · IR scenarios

Start tutorial

Security Monitoring with Wazuh, Splunk and ELK

Practical monitoring, detection rules, and investigation across major SIEM stacks.

Intermediate – Advanced12–14 hours

Includes: Detection rules · SIEM labs · Dashboards

Start tutorial
Browse full tutorial catalog

More topics

Explore other tutorial categories

Jump between fundamentals, offensive security, blue team, cloud, compliance, and more.

Cybersecurity Fundamentals

Build your security foundation from zero

View category

Ethical Hacking

Learn responsible offensive security workflows

View category

Web Application Security

Attack and defend modern web applications

View category

Network Security

Design, segment, and monitor secure networks

View category

Linux Security

Harden Linux systems for production and audits

View category

Incident Response

Respond to incidents with structure and evidence

View category

Cloud Security

Secure cloud workloads, IAM, and logging

View category

DevSecOps

Embed security in CI/CD and cloud-native delivery

View category

Compliance & GRC

Frameworks, controls, and audit-ready evidence

View category

Cryptography

Cryptography concepts for security professionals

View category

Security Tools

Use security tools effectively and responsibly

View category

Outcomes

What you'll gain

  • Triage alerts and investigate suspicious activity
  • Use SIEM dashboards and detection logic
  • Document incidents with clear timelines and evidence
  • Progress from SOC basics to threat hunting tutorials

Topics

Skills & topic areas

SIEMLog analysisAlert triageIncident response
SOC Analyst BasicsSIEM FundamentalsLog AnalysisWazuh MonitoringSplunk Alert InvestigationThreat Hunting Basics

Go deeper

Continue your learning path

Pair tutorials with structured roadmaps, hands-on labs, and related courses.

Career roadmap

Follow a structured path that connects tutorials to job-ready milestones.

View roadmap

Practice labs

Apply what you learn in guided, hands-on lab scenarios.

Browse labs

Full courses

Graduate to multi-week programs with modules, labs, and assessments.

Explore courses

Ready to start learning?

Open the featured tutorial or browse the full catalog filtered for soc & blue team.

Start featured tutorialBrowse all in catalog