SOC Analyst Platform | Comprehensive Lab

Security Operations Center Training Environment

🛡 Comprehensive data analysis | real scenarios | interactive learning

2026-05-30 04:14
🔗 SOC Simulator
📈 Total Events: --
⚠️ Critical (sev5): --
🚫 Block Rate: --%
Severity Distribution
Top Alert Types
Daily Event Trend (14 days)
Actions (Block/Allow)
💡 Smart Insights
🔎 Filter Logs
Timestamp | Source IP | Dest IP | Proto | Action | Sev | Alert Type | Details
📓 Security Analysis Notebook (run cells to execute queries)
In [1]:
-- Count total events
SELECT COUNT(*) FROM logs;
In [2]:
-- High + Critical severity (sev 4 and 5)
SELECT COUNT(*) FROM logs WHERE severity >= 4;
In [3]:
-- Top 3 alert types by volume
SELECT alert_type, COUNT(*) FROM logs GROUP BY alert_type ORDER BY COUNT(*) DESC LIMIT 3;
In [4]:
-- Noisiest source IP
SELECT source_ip, COUNT(*) FROM logs GROUP BY source_ip ORDER BY COUNT(*) DESC LIMIT 1;
In [5]:
-- Block percentage (share of events whose action is BLOCK, rounded to one decimal)
SELECT ROUND(SUM(CASE WHEN action='BLOCK' THEN 1 ELSE 0 END)*100.0/COUNT(*),1) FROM logs;
$ SOC Analyst Terminal
> SOC terminal ready. Type 'help' for commands.
💡 Example commands: show alerts severity=5, stats, top sources
💀 Ransomware Campaign
Simulated attack: encryption of file shares, lateral movement.
Severity: Critical
🎣 Phishing Attack
User clicked malicious link → credential harvest → data exfiltration.
Severity: High
🕸️ Lateral Movement
PsExec, WMI and SMB-based attacks moving east-west.
Severity: High
📜 Scenario Details & Investigation Guide
Click a scenario card to see detailed analysis and guided exercises.