I had a chance to try AEGIS Certification for SOC Analyst and Threat Hunters developed by Cyber Struggle, whom I know from their outstanding RANGER training and certification.

I can break down this certification into three parts. The first part is the monitoring, threat detection, and incident handling activities going on 7/24. There is IBM Qradar as the SIEM of the CSOC network, and more integrations are on the way, such as Splunk, Alienvault, etc. I properly experimented with most of the MITRE ATT&CK vectors and TTP’s in the lab such as obfuscated commands, pivoting techniques, PowerShell payloads, and many more real-world scenarios

The second part is studying attack vectors by conducting them in the offensive labs. There you can practice AD-specific attack techniques and many more. They also provide you test machines where you can observe your own activity from logs while performing the attacks. You can use these to test and optimize your SIEM rules.

The last part is the soft skills improvement. You have a portal like a project management system of a corporation. You have weekly tasks, backlogs, daily standups, weekly retrospectives, weekly sprints, and so on. There are also random incidents that you may encounter. You are asked to detect, analyze and report them in a timely manner.