Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.


Blue Team / SOC Operations · 10 modules

How defenders actually work. SOC structure, SIEM, detection engineering, EDR, and malware triage.
Module 19 · SOC Metrics That Actually Drive Improvement
Intermediate · Free · 30 min · May 14, 2026

The bad metrics:
Total alerts processed — measures volume, not value; encourages keeping noisy rules.
Alerts per analyst per shift — encourages superficial triage.
Closed-without-investigation rate — encourages closure, not analysis.
Mean-time-to-acknowledge alone — encourages clicking without thinking.
The good metrics, for analysts:
Mean Time To Detect (MTTD): from compromise to detection. Hard to measure […]
Module 12 · DNS-Based Detection Strategy
Intermediate · Free · 25 min · Apr 27, 2026

Why this module exists. Almost every internet attack starts with a DNS query — beaconing to C2, exfiltration via DNS tunneling, phishing-link resolution, malware updating itself. DNS logs are the highest-signal-per-byte log source in your environment, and most SOCs underuse them.
What DNS logs reveal: Beaconing — same source contacting same destination at fixed intervals […]
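The beaconing signal that Module 12 names (same source, same destination, fixed interval) is the easiest DNS detection to write from scratch. The following is an added example, not the module's own code: it groups query records by (source IP, query name), measures the gaps between consecutive lookups, and flags pairs whose gaps are near-constant. The log format, the sample lines, the `.test` names and the thresholds (`min_queries`, `max_cv`) are all constructed for the example; real resolver logs (BIND querylog, Unbound, Windows DNS debug logging, Zeek `dns.log`) each have their own layout, and only `parse_line()` would need to change.

```python
"""Periodic-query (beaconing) detection over DNS logs.

Added example for the beaconing signal described in Module 12; it is not the
module's own code. It assumes a constructed, whitespace-separated log line:

    <ISO-8601 UTC timestamp> <source IP> <qtype> <query name>

Real resolver logs (BIND querylog, Unbound, Windows DNS debug log, Zeek
dns.log) each have their own layout; only parse_line() would change.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample, not real traffic. 10.0.0.5 resolves one name every
# ~60 s with small jitter (beacon-like); 10.0.0.7 resolves a site at
# irregular, human-paced times. Lines are deliberately out of time order.
SAMPLE_LOG = """\
2026-04-27T10:00:00Z 10.0.0.5 A svc-update.beacon-example.test
2026-04-27T10:00:12Z 10.0.0.7 A www.news-site.test
2026-04-27T10:00:14Z 10.0.0.7 A cdn.news-site.test
2026-04-27T10:00:59Z 10.0.0.5 A svc-update.beacon-example.test
2026-04-27T10:03:00Z 10.0.0.5 A svc-update.beacon-example.test
2026-04-27T10:02:01Z 10.0.0.5 A SVC-UPDATE.beacon-example.test
2026-04-27T10:07:45Z 10.0.0.7 A www.news-site.test
2026-04-27T10:04:02Z 10.0.0.5 A svc-update.beacon-example.test
2026-04-27T10:04:58Z 10.0.0.5 A svc-update.beacon-example.test
2026-04-27T10:31:02Z 10.0.0.7 A www.news-site.test
2026-04-27T10:31:03Z 10.0.0.7 A www.news-site.test
2026-04-27T11:15:40Z 10.0.0.7 A www.news-site.test
2026-04-27T11:40:09Z 10.0.0.7 A www.news-site.test
"""


def parse_line(line):
    """Return (timestamp, src_ip, qtype, qname), or None for blank/malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    # Query names are case-insensitive; normalise so mixed-case (or 0x20-bit
    # randomised) lookups of the same name group together.
    return ts, parts[1], parts[2], parts[3].lower().rstrip(".")


def find_beacons(lines, min_queries=5, max_cv=0.15):
    """Flag (src, qname) pairs queried at near-constant intervals.

    A pair is reported when it has at least min_queries lookups and the
    coefficient of variation (stdev / mean) of the gaps between consecutive
    lookups is at most max_cv. Human-driven lookups are bursty and give a
    large CV; a sleep-loop implant gives a small one.
    """
    stamps_by_pair = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        ts, src, _qtype, qname = rec
        stamps_by_pair[(src, qname)].append(ts)

    hits = []
    for (src, qname), stamps in stamps_by_pair.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()  # log order is not guaranteed to be time order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # every lookup in the same second: a burst, not a beacon
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({
                "src": src,
                "qname": qname,
                "queries": len(stamps),
                "period_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG.splitlines()):
        print(f"{hit['src']} -> {hit['qname']}: {hit['queries']} queries, "
              f"period ~{hit['period_s']}s, CV {hit['cv']}")
```

On the sample, only the 10.0.0.5 pair is reported (six lookups, period about 59.6 s, CV about 0.04); the news-site lookups have six queries too, but their gaps range from one second to forty-five minutes, so the CV is far above the threshold. Two tuning points matter in production. Implants commonly randomise their sleep interval by a configurable percentage, so a strict `max_cv` of 0.15 will miss jittered beacons; raising it to around 0.3 while also raising `min_queries` keeps the false-positive rate manageable. And plenty of legitimate software beacons too (update checkers, monitoring agents, NTP-pool lookups), so the output should be ranked by CV and query count and compared against a baseline of known periodic names rather than alerted on directly.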
Module 13 · SOC Metrics & MTTR Reduction
Intermediate · Free · 25 min · Apr 27, 2026

Why this module exists. “Is our SOC effective?” CISOs need a measurable answer. Common metrics — alert volume, ticket count — measure activity, not effectiveness. The metrics that matter are MTTD (mean time to detect), MTTR (mean time to respond), false-positive rate, and ATT&CK technique coverage. Each has a target; each has specific operational levers. […]
Module 8 · Log Management at Scale — Patterns and Pitfalls
Intermediate · Free · 30 min · Apr 27, 2026

Why this module exists. Logs are the SOC’s primary data. Bad log architecture means missed detections, slow investigations, and impossible audit response. Good architecture means hunts complete in seconds and forensic timelines reconstruct in hours. The difference is mostly upfront planning.
The log-management problem, in 2026 numbers: A medium Indian enterprise (5,000 endpoints, 200 servers, […]
Module 9 · SOAR Playbooks — Practical Automation
Intermediate · Free · 30 min · Apr 27, 2026

Why this module exists. SOAR (Security Orchestration, Automation, Response) is the highest-leverage SOC investment after a competent SIEM. Done right, it cuts MTTR by 60-80%. Done wrong, it generates false confidence (“our automation handled it”) while alerts pile up in queues. The difference is playbook design discipline.
What SOAR actually does: three layers of automation: […]
Module 11 · Email Security & Phishing Triage
Intermediate · Free · 30 min · Apr 27, 2026

Why this module exists. Email is still the primary initial-access vector in 2026. Verizon DBIR: ~30% of breaches start with phishing. Modern phishing is sophisticated (AI-generated content, MFA-aware), and email-security tools have advanced (sandboxing, behavioural detection, DMARC enforcement). Defenders who haven’t kept pace have a 2018-grade email defence.
The four phishing variants you’ll see: Bulk […]
Module 4 · EDR Fundamentals
Intermediate · Members · 90 min · Apr 22, 2026

EDR telemetry, process lineage, response actions, vendor landscape, and the live-response triage sequence.
Module 3 · Detection Engineering with Sigma
Intermediate · Members · 90 min · Apr 22, 2026

Sigma rule anatomy, the two mistakes beginners make, tuning workflow, and detection-as-code in Git.
Module 2 · SIEM Fundamentals
Intermediate · Members · 90 min · Apr 22, 2026

SIEM architecture, log pipeline, parsing and normalization, retention tiering, and vendor landscape for 2026.
Module 7 · Threat Hunting Workflow
Intermediate · Free · 90 min · Apr 19, 2026

Threat hunting is proactive — actively searching for adversary activity that automated detection missed. Unlike SOC triage (reactive, works from alerts), hunting starts with a hypothesis and tests it against available data. This module covers the workflow, the hypothesis-driven method, and practical queries to start hunting tonight.
Why hunt: Automated detections catch KNOWN patterns; hunts […]
Why learn here

Practitioners who've shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

01 · Practitioner-written. Each lesson is authored by someone who has shipped the control or run the engagement in production.

02 · Quiz after every module. 20+ questions with explanations; 70%+ to mark complete; unlimited retries.

03 · Progress tracked. Completions, scores and streaks saved automatically. Resume exactly where you left off.

04 · India-priced. Start free. ₹499/mo for intermediate, ₹4,999/yr for advanced. No hidden fees, ever.