Sound the Alarm: Detection and Response Course Syllabus
Full curriculum breakdown — modules, lessons, estimated time, and outcomes.
Overview: This course provides a practical introduction to detection and response operations in security environments, focusing on foundational skills for SOC roles. Through hands-on labs and real-world scenarios, learners will explore incident detection, network traffic analysis, log investigation, and response procedures. The course spans approximately 15 hours across five modules, culminating in a final project that simulates an end-to-end incident response workflow. Designed for beginners, it emphasizes industry-aligned practices using tools like Wireshark, Suricata, Splunk, and Chronicle.
Module 1: Introduction to Detection & Response
Estimated time: 3 hours
- Understanding the incident response lifecycle: detection, containment, eradication, recovery
- Roles and responsibilities within a Security Operations Center (SOC)
- Introduction to SIEM and IDS technologies
- Basics of incident documentation and reporting
Module 2: Network Monitoring & Packet Analysis
Estimated time: 4 hours
- Fundamentals of TCP/IP and network protocols
- Using packet sniffers: tcpdump and Wireshark
- Applying display and capture filters to isolate traffic
- Identifying suspicious patterns in packet data
Module 3: Incident Investigation & Response
Estimated time: 4 hours
- Applying the NIST incident response framework
- Triage techniques for incoming alerts
- Containment, eradication, and recovery procedures
- Evidence handling and chain of custody principles
Module 4: Log Analysis with SIEM/IDS
Estimated time: 4 hours
- Introduction to SIEM tools: Splunk and Google Chronicle
- Analyzing logs from Suricata IDS
- Writing basic detection signatures
- Querying and correlating log data across systems
Module 5: Final Project
Estimated time: 3 hours
- Analyze a provided packet capture (PCAP) file using Wireshark
- Investigate malicious activity using SIEM tools and VirusTotal
- Document findings and response actions using a standard incident playbook
Prerequisites
- Familiarity with basic networking concepts
- No prior cybersecurity experience required
- Access to a computer with an internet connection for lab exercises
What You'll Be Able to Do After
- Explain the incident response lifecycle and team roles in a SOC
- Capture and inspect network traffic to detect anomalies
- Analyze logs using SIEM and IDS tools like Splunk, Chronicle, and Suricata
- Conduct basic incident investigations following NIST guidelines
- Properly document and report security incidents using playbooks and evidence management