🚨 Incident Response & SOC Fundamentals
Free training for Incident Response & SOC Fundamentals with a signed certificate. Learn the modules, pass the 10-question exam, EN/FR/AR, no account.
Last updated: June 2026
A free, trilingual course on running a modern Security Operations Center and handling cyber incidents end-to-end. It follows the NIST SP 800-61 incident-response life cycle — preparation, detection & analysis, containment/eradication/recovery, and post-incident activity — and shows how SOC tiers, SIEM/SOAR tooling, the MITRE ATT&CK framework, threat intelligence and key metrics fit together. Rich visual lessons, original questions, and a 10-question final exam (80% to pass). It maps to NIST SP 800-61 / SOC operations. The course is organized into 7 modules, ending with a final exam (pass mark 80%). It is free awareness-level training designed for anyone who needs a practical, working understanding of the topic.
What you'll learn
- The SOC & the IR Life Cycle
- SOC Structure, Roles & Tiers
- Phase 1 — Preparation
- Phase 2 — Detection, Analysis & SOC Tooling
- Triage, Classification & Prioritisation
- Phase 3 — Containment, Eradication & Recovery
- Phase 4 — Post-Incident, Metrics & Threat Intel
Learning objectives
- Describe the four phases of the NIST SP 800-61 incident-response life cycle
- Explain SOC structure — Tier 1/2/3 analysts, threat hunting, engineering and management roles
- Use core SOC tooling — SIEM, SOAR, EDR/XDR, IDS/IPS and threat-intelligence platforms
- Classify and prioritise incidents by functional and informational impact and recoverability
- Apply containment, eradication and recovery strategies without destroying evidence
- Map adversary behaviour to the MITRE ATT&CK framework and the Cyber Kill Chain
- Preserve forensic evidence and maintain chain of custody
- Track SOC performance with MTTD, MTTR, dwell time and other key metrics
- Sit a 10-question final exam (80% to pass)