Tutorials
Step-by-step guides for SOC training
6 articles

Phishing Email Examples: 15 Analyzed by a SOC Analyst
Phishing email examples analyzed with real analyst eyes: red flags, header tells, and the patterns every security-aware person should recognize.

SIEM Use Cases: 10 Every SOC Runs (With Detection Logic)
SIEM use cases explained with detection logic sketches, data sources, and tuning notes for the 10 detections every SOC team operates.

Windows Event IDs Cheat Sheet: The 31 That Matter
Windows event IDs cheat sheet for SOC analysts: 31 essential security event IDs covering auth, process execution, log tampering, and lateral movement.

Common Ports Cheat Sheet: 42 Ports SOC Analysts Memorize
Common ports cheat sheet for SOC analysts — master the 42 TCP/UDP ports that appear in firewall logs, SIEM alerts, and security interviews every single day.

How to Analyze a Phishing Email: SOC Walkthrough
A step-by-step SOC workflow to analyze a phishing email: safe handling, header forensics, URL and attachment triage, and a documented verdict.

Alert Triage: Real Threats vs False Positives
Alert triage is the core SOC skill — learn the framework analysts use to assess severity, confirm IOCs, and separate real threats from false positives.