HomeCoursesIncident Response & SOC Fundamentals

🚨 Incident Response & SOC Fundamentals

Free training for Incident Response & SOC Fundamentals with a signed certificate. Learn the modules, pass the 10-question exam, EN/FR/AR, no account.

Last updated: June 2026

A free, trilingual course on running a modern Security Operations Center and handling cyber incidents end-to-end. It follows the NIST SP 800-61 incident-response life cycle — preparation, detection & analysis, containment/eradication/recovery, and post-incident activity — and shows how SOC tiers, SIEM/SOAR tooling, the MITRE ATT&CK framework, threat intelligence and key metrics fit together. Rich visual lessons, original questions, and a 10-question final exam (80% to pass). It maps to NIST SP 800-61 / SOC operations. The course is organized into 7 modules, ending with a final exam (pass mark 80%). It is free awareness-level training designed for anyone who needs a practical, working understanding of the topic.

What you'll learn

  • The SOC & the IR Life Cycle
  • SOC Structure, Roles & Tiers
  • Phase 1 — Preparation
  • Phase 2 — Detection, Analysis & SOC Tooling
  • Triage, Classification & Prioritisation
  • Phase 3 — Containment, Eradication & Recovery
  • Phase 4 — Post-Incident, Metrics & Threat Intel

Learning objectives

  • Describe the four phases of the NIST SP 800-61 incident-response life cycle
  • Explain SOC structure — Tier 1/2/3 analysts, threat hunting, engineering and management roles
  • Use core SOC tooling — SIEM, SOAR, EDR/XDR, IDS/IPS and threat-intelligence platforms
  • Classify and prioritise incidents by functional and informational impact and recoverability
  • Apply containment, eradication and recovery strategies without destroying evidence
  • Map adversary behaviour to the MITRE ATT&CK framework and the Cyber Kill Chain
  • Preserve forensic evidence and maintain chain of custody
  • Track SOC performance with MTTD, MTTR, dwell time and other key metrics
  • Sit a 10-question final exam (80% to pass)