Core Concepts
Understand the fundamental concepts of SOC operations and alert handling.
Master these fundamental concepts to become an effective SOC analyst.
Key Topics
- Alerts - Understanding alert types, severities, and sources.
- Triage - Making quick, accurate decisions on incoming alerts.
- Correlation - Connecting related alerts to see the full picture.
The SOC Workflow
```
Alert Generated → Triage → Investigation → Response → Resolution
                    ↑                         ↓
                    └──── Correlation ────────┘
```
- Alert Generated - Security tools detect suspicious activity
- Triage - Quick assessment to prioritize response
- Investigation - Deep dive into the alert context
- Response - Take action to contain or remediate
- Resolution - Document and close the incident
MITRE ATT&CK Framework
SOC Simulator maps all scenarios to the MITRE ATT&CK framework:
| Tactic | Description |
|---|---|
| Reconnaissance | Gathering information |
| Initial Access | Getting into the network |
| Execution | Running malicious code |
| Persistence | Maintaining access |
| Privilege Escalation | Getting higher permissions |
| Defense Evasion | Avoiding detection |
| Credential Access | Stealing credentials |
| Discovery | Learning the environment |
| Lateral Movement | Moving through the network |
| Collection | Gathering target data |
| Exfiltration | Stealing data out |
| Impact | Disruption or destruction |
Your progress across these techniques is tracked on your profile.
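To make the triage-and-correlation loop above concrete, here is an added Python example (not code from SOC Simulator): it groups constructed sample alerts per host within a time window, orders the tactics seen using the kill-chain order of the table above, and scores each resulting case for triage. The 30-minute window, the scoring weights and the sample hosts and tools are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Kill-chain order of the ATT&CK tactics in the table above (lower index = earlier stage).
TACTIC_ORDER = ["Reconnaissance", "Initial Access", "Execution", "Persistence",
                "Privilege Escalation", "Defense Evasion", "Credential Access",
                "Discovery", "Lateral Movement", "Collection", "Exfiltration", "Impact"]
SEVERITY_SCORE = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed weights

@dataclass
class Alert:
    ts: datetime
    host: str
    source: str    # tool that raised the alert (EDR, SIEM, ...)
    severity: str
    tactic: str    # ATT&CK tactic the detection maps to

def _summarise(cluster):
    """Turn one cluster of related alerts into a triage case."""
    tactics = sorted({a.tactic for a in cluster}, key=TACTIC_ORDER.index)
    # Highest single severity, plus one point per extra kill-chain stage covered:
    # three mediums spanning Execution -> Lateral Movement outrank one isolated high.
    score = max(SEVERITY_SCORE[a.severity] for a in cluster) + len(tactics) - 1
    return {"host": cluster[0].host, "alerts": len(cluster), "tactics": tactics,
            "sources": sorted({a.source for a in cluster}), "score": score,
            "priority": "P1" if score >= 5 else "P2" if score >= 3 else "P3"}

def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts per host when each is within `window` of the previous one,
    and return the resulting cases ordered for triage (highest score first)."""
    cases = []
    for host in sorted({a.host for a in alerts}):
        cluster = []
        for a in sorted((x for x in alerts if x.host == host), key=lambda x: x.ts):
            if cluster and a.ts - cluster[-1].ts > window:   # gap too large: new case
                cases.append(_summarise(cluster))
                cluster = []
            cluster.append(a)
        if cluster:
            cases.append(_summarise(cluster))
    return sorted(cases, key=lambda c: c["score"], reverse=True)

# Constructed sample alerts for the demo (not real telemetry).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [Alert(T0, "ws-01", "EDR", "medium", "Execution"),
          Alert(T0 + timedelta(minutes=5), "ws-01", "SIEM", "medium", "Credential Access"),
          Alert(T0 + timedelta(minutes=12), "ws-01", "NDR", "high", "Lateral Movement"),
          Alert(T0 + timedelta(minutes=3), "srv-db", "AV", "low", "Discovery"),
          Alert(T0 + timedelta(hours=3), "srv-db", "AV", "low", "Discovery")]

if __name__ == "__main__":
    for case in correlate(SAMPLE):
        print(case)
```

Run as-is it prints one P1 case for ws-01 (three tools, three tactics in kill-chain order) ahead of two isolated P3 cases for srv-db, which the 30-minute window keeps apart.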