TryHackMe — SOC Level 1 Learning Path

Hands-on SOC training covering SIEM/EDR/SOAR concepts, phishing analysis, traffic analysis with Wireshark, and detection frameworks (MITRE, Kill Chain, Pyramid of Pain).

This project documents my ongoing progress through the TryHackMe SOC Level 1 learning path, designed to develop practical, job-relevant skills for a junior SOC analyst role. The training emphasizes real-world workflows: alert triage, event correlation, log/traffic investigation, and structured incident response in collaboration with wider teams.

Focus Areas

The path covers core defensive capabilities across people, process, and technology:
  • SOC Fundamentals — SOC roles, escalation workflows, severity, and operational discipline.
  • Core SOC Tooling — concepts and workflows across SIEM, EDR, and SOAR.
  • Defensive Frameworks — applying MITRE ATT&CK, Cyber Kill Chain, and Pyramid of Pain to structure detection and response.
  • Phishing Analysis — email artefact analysis, link and attachment triage, and attacker tradecraft identification.
  • Network Traffic Analysis — Wireshark-driven investigation to detect malicious patterns and validate hypotheses.
  • Security Monitoring — web, Windows, and Linux monitoring concepts for detection engineering and triage.

Practical Outcomes

Through lab-driven exercises, I strengthened my ability to:
  • Triage alerts and form an investigation plan based on evidence quality and business impact.
  • Extract and interpret indicators of compromise (IOCs) from logs, traffic, and email artefacts.
  • Map observed activity to standardized frameworks (e.g., MITRE) to improve clarity and reporting.
  • Build a defensible incident timeline and propose containment and remediation actions.

Evidence & Progress

  • Path status: in progress (SOC Level 1).
  • Recent milestone: Phish Hunter (Phishing Analysis room series completed).

Tags: SOC, Blue Team, SIEM, Incident Response, Phishing, Wireshark