For me, I would prefer to start with the SOC Level 1 course.
It will teach you how to monitor and investigate alerts, how to work with a SIEM, how to handle endpoint security monitoring, and how to analyze network packets.
The course also gives you a good overview of Digital Forensics and Incident Response and of phishing email analysis.
After it, let's start the real shit: study the CCD course.
Why did I say to study this course? The Security Operations Fundamentals domain of the course is really full of terminology and some powerful concepts that someone might need at the beginning of the road. The course has the same domains as SOC Level 1 but goes deeper.
BTL 1
This course is like my iconic course, because its labs are really good. They cover real-life examples and even show how to handle things from PowerShell and cmd. It has the same domains as CCD, plus a SIEM domain that covers Splunk.
SEC450: Blue Team Fundamentals: Security Operations and Analysis
This course is a recommendation from my friend Khaled Allam.
The course covers: how to collect, organize, and use relevant threat data in a Threat Intelligence Platform (TIP); principles of success for endpoint security data collection, whether you use a SIEM, EDR, or XDR; alert triage, meaning how to quickly and accurately triage security incidents using clever data correlation and enrichment techniques that will immediately surface and sort true positives from false positives; how to best use incident management systems to effectively analyze, document, track, and extract critical metrics from your security incidents; and crafting automation workflows for common SOC activities, relieving analysts of boring tasks and freeing up time for better threat hunting and detection engineering.
SC-200: Microsoft Security Operations Analyst
This course teaches you how to deal with ATP endpoint, how to write a KQL query, and how to handle incidents in ATP by using KQL. You will also learn about Sentinel endpoint.
Eng Mostafa Yahia SOC Investigation Course
It talks about some real-life use cases and how to start handling them, such as phishing URLs, how to analyze email headers, and firewall log analysis.