SOC Level 2

Security Operations (SOC) 201 is an advanced course designed to elevate your ability to detect, investigate, and respond to complex cyber threats at scale. Building on the foundational skills from SOC 101, this course focuses on developing an effective investigative methodology and mastering the responsibilities of an Incident Responder or Threat Hunter. Through hands-on labs and realistic scenarios, you’ll investigate sophisticated threats across enterprise environments, applying advanced techniques aligned with the MITRE ATT&CK framework. The curriculum emphasizes proactive threat hunting as part of a continuous detection and response cycle, helping analysts identify active threats, uncover security gaps, and improve future investigations. By the end of the course, you’ll be equipped with the mindset, tools, and methodologies needed to confidently investigate incidents, trace root causes, and respond effectively to advanced adversaries. This course includes an exam voucher for TCM Security’s Practical SOC Analyst Professional (PSAP) certification, launching September 2025. Each exam voucher includes 1 exam attempt and is valid for 12 months from the course completion date or certification release date.
Course Details

Price: $1,999.00

Days: 3

Location:

Course Overview

  • Develop a robust and reliable investigator’s mindset to approach incidents methodically
  • Learn industry-standard methodologies and tools for detecting, hunting, and responding to cyber threats across enterprise environments
  • Gain experience performing incident response and threat hunting at scale
  • Learn to investigate and identify advanced adversary tactics following the MITRE ATT&CK framework, including execution artifacts, lateral movement, credential theft, living off the land techniques, persistence, defense evasion, command and control, and many more
  • Learn to perform effective attack timeline analysis, and guide effective incident response and remediation efforts
  • Investigate the root cause of security incidents by uncovering the entry point

This course relies heavily on working with IR investigations and forensic artifacts, but does not cover learning basic analysis tools. It is strongly recommended to have taken or be familiar with the Security Operations (SOC) 101 material and its prerequisites, which include experience with:

  • Networking Fundamentals: Practical Help Desk (PHD) or equivalent
  • Operating System Fundamentals: Practical Help Desk (PHD) or equivalent
  • Security Operations Fundamentals
  • Network Traffic Analysis
  • Endpoint Security Monitoring
  • Log Analysis and Management
  • Security Information and Event Management (SIEM)
  • Basic Digital Forensics Exposure

Day 1:

  • Understanding the modern adversary
  • Introduction to incident response
  • Incident decision making
  • Introduction to threat hunting
  • Threat hunting teams, data sources, and maturity models
  • Cyber threat intelligence
  • Exploring the MITRE ATT&CK Navigator
  • Structured and unstructured threat hunting
  • Data transformation techniques
  • Data transformation in the command-line, PowerShell, and Splunk
  • Searching, aggregations, statistics, and visualizations

Day 2:

  • Understanding and categorizing anomalies
  • Masquerading
  • Ambiguous identifiers
  • Frequency and volume anomalies
  • Temporal anomalies
  • Location and environmental anomalies
  • Structure and format anomalies
  • Absence and suppression anomalies
  • Entropy analysis
  • Dissecting threat reports
  • Threat hunting lab
  • Tracing an attack chain
  • Hunting execution
  • Hunting malicious process trees
  • Hunting persistence
  • Hunting defense evasion
  • Hunting command and control
  • Hunting lateral movement

Day 3:

  • Collection at scale
  • Collection with WMI
  • PowerShell 101
  • PowerShell remoting
  • Remote collection frameworks
  • Triage artifact collection with KAPE
  • Incident response with Velociraptor
  • Windows memory structures
  • The Volatility framework
  • Process analysis
  • Command line analysis
  • Network analysis
  • Registry analysis
Class Dates & Times
  • 06/22/2026 - 06/24/2026, Virtual, 09:00:00 to 17:00:00 EST, $1,999.00
  • 09/21/2026 - 09/23/2026, Virtual, 09:00:00 to 17:00:00 EST, $1,999.00
  • 12/07/2026 - 12/09/2026, Virtual, 09:00:00 to 17:00:00 EST, $1,999.00
Great Horizons is a North Carolina Certified HUB Vendor and WOSB. By becoming a patron of our organization, you are not only supporting a historically underutilized business, but a woman-owned small business as well.