TryHackMe — SOC Level 1 Learning Path
Hands-on SOC training covering SIEM/EDR/SOAR concepts, phishing analysis, traffic analysis with Wireshark, and detection frameworks (MITRE, Kill Chain, Pyramid of Pain).
This project documents my ongoing progress through the TryHackMe SOC Level 1 learning path, designed to develop practical, job-relevant skills for a junior SOC analyst role. The training emphasizes real-world workflows: alert triage, event correlation, log/traffic investigation, and structured incident response in collaboration with wider teams.
Focus Areas
The path covers core defensive capabilities across people, process, and technology:
- SOC Fundamentals — SOC roles, escalation workflows, severity, and operational discipline.
- Core SOC Tooling — concepts and workflows across SIEM, EDR, and SOAR.
- Defensive Frameworks — applying MITRE ATT&CK, Cyber Kill Chain, and Pyramid of Pain to structure detection and response.
- Phishing Analysis — email artefact analysis, link and attachment triage, and attacker tradecraft identification.
- Network Traffic Analysis — Wireshark-driven investigation to detect malicious patterns and validate hypotheses.
- Security Monitoring — web, Windows, and Linux monitoring concepts for detection engineering and triage.
Practical Outcomes
Through lab-driven exercises, I strengthened my ability to:
- Triage alerts and form an investigation plan based on evidence quality and business impact.
- Extract and interpret indicators of compromise (IOCs) from logs, traffic, and email artefacts.
- Map observed activity to standardized frameworks (e.g., MITRE) to improve clarity and reporting.
- Build a defensible incident timeline and propose containment and remediation actions.
Evidence & Progress
- Path status: in progress (SOC Level 1).
- Recent milestone: Phish Hunter (Phishing Analysis room series completed).
Tags: SOC, Blue Team, SIEM, Incident Response, Phishing, Wireshark