Practical Security Investigation with Splunk, Wazuh, Osquery | Udemy

Welcome to the SOC Analyst Masterclass: Security Investigation with Splunk, Wazuh, and Osquery!

This course is designed to give you the skills and confidence to investigate, detect, and respond to real-world security incidents using leading open-source and enterprise SOC tools. Whether you’re starting your SOC career or looking to enhance your security investigation skills, this hands-on, step-by-step program will guide you through the complete process of setting up a virtual SOC lab, understanding different log types, and mastering investigation techniques.

This is a practical, Learn-by-Doing course — you’ll not only understand the theory but also build your own SOC lab, work with real logs, and replicate real-world investigation scenarios. You’ll get detailed demonstrations, guided exercises, and ready-to-use commands for Splunk, Wazuh, and Osquery so you can follow along at your own pace.

In this course, you will cover:

• SOC & SIEM Fundamentals: Understand SOC roles, functions, tools, and processes. Learn core SIEM concepts and how they fit into security monitoring.
• Log Types & Data Sources: Explore Windows (Event Logs, Sysmon), Linux (Syslog, Auth), and network logs (Firewall, DNS, HTTP) to understand their value in threat detection.
• Lab Setup & Tools Installation: Build your own SOC lab from scratch, including Splunk, Wazuh Manager, Kali Linux, and supporting infrastructure using VMware or VirtualBox.
• Security Investigations with Splunk: Perform hands-on analysis with SPL commands to investigate brute force attacks, DNS beaconing, suspicious file transfers, compromised accounts, and unauthorized cloud access.
• Threat Detection with Wazuh: Investigate file modifications, brute force activity, vulnerabilities, and learn how Wazuh rules trigger alerts.
• Endpoint Forensics with Osquery: Run live queries to collect endpoint data, investigate anomalies, and support incident response efforts.

By the end of this course, you will have the ability to:

• Confidently investigate security incidents using Splunk, Wazuh, and Osquery
• Understand how to analyze logs from multiple sources for accurate threat detection
• Build and manage your own virtual SOC lab for continuous practice
• Apply your skills to real-world SOC scenarios and improve your incident response capabilities

Who this course is for:

• Aspiring SOC analysts, blue team members, and cybersecurity enthusiasts
• IT professionals looking to transition into security operations
• Anyone who wants practical, hands-on SOC investigation experience with industry tools

Get ready to take your security investigation skills to the next level — I’ll see you in the course!