Legitimized [GIAC Security Operations Certified (GSOC)] Expert – Led Video Course – MASTERYTRAIL

1. Introduction to Security Operations Centers (SOC)
1.1 Definition of SOC
1.2 Roles within a SOC
1.3 Decimal notation in security event timestamps
1.4 Decimal representation in event counters
1.5 Decimal values in log severity
1.6 Decimal subnetting in IP addresses
1.7 Decimal percentages in reporting
1.8 Decimal hours in shift scheduling
1.9 Decimal-based asset tagging
1.10 Decimal metrics in SOC KPIs

2. Incident Response Fundamentals
2.1 What is an Incident?
2.2 Decimal time-stamping of incidents
2.3 Calculating Mean Time to Detect (MTTD)
2.4 Decimal Mean Time to Respond (MTTR)
2.5 Decimal probability in incident occurrence
2.6 Decimal-based priority scoring
2.7 Decimal indicators in incident severity
2.8 Decimal thresholds for alerts
2.9 Decimal values in escalation matrices
2.10 Decimal enumeration in incident lists

3. Log Management and Analysis
3.1 Types of Logs
3.2 Decimal representation of log sizes
3.3 Decimal epoch time interpretation
3.4 Decimal-based log retention policies
3.5 Decimal frequency of log entries
3.6 Parsing decimal fields in logs
3.7 Decimal error codes
3.8 Decimal event IDs
3.9 Decimal-based log correlations
3.10 Decimal confidence scores in log analysis

4. Network Security Monitoring
4.1 Decimal subnetting
4.2 Decimal-based port numbers
4.3 Decimal CIDR notation
4.4 Decimal packet sizes
4.5 Decimal-based bandwidth monitoring
4.6 Decimal attack rates
4.7 Decimal thresholds for anomaly detection
4.8 Decimal metrics in flow analysis
4.9 Decimal time windows for monitoring
4.10 Decimal-based intrusion detection settings

5. Threat Intelligence
5.1 Decimal scoring of threats
5.2 Decimal-based threat level classification
5.3 Decimal probabilities in threat modeling
5.4 Decimal-based timeline analysis
5.5 Decimal values in reputation scoring
5.6 Decimal threat actor IDs
5.7 Decimal-based TTP (Tactics, Techniques, Procedures) codes
5.8 Decimal frequency of threat occurrences
5.9 Decimal-based IOC (Indicator of Compromise) scoring
5.10 Decimal weights in threat prioritization

6. SIEM Technology Overview
6.1 Decimal-based event normalization
6.2 Decimal storage quotas
6.3 Decimal-based correlation rules
6.4 Decimal scoring in event prioritization
6.5 Decimal event aggregation
6.6 Decimal-based reporting intervals
6.7 Decimal time synchronization
6.8 Decimal log ingestion rates
6.9 Decimal false positive rates
6.10 Decimal values in SIEM dashboards

7. Vulnerability Management
7.1 Decimal-based CVSS scoring
7.2 Decimal tracking of vulnerabilities
7.3 Decimal number of affected systems
7.4 Decimal patch prioritization
7.5 Decimal risk assessment
7.6 Decimal days to remediate
7.7 Decimal-based vulnerability age
7.8 Decimal exploitability scores
7.9 Decimal severity distribution
7.10 Decimal vulnerability recurrence rates

8. Malware Analysis Basics
8.1 Decimal hash values
8.2 Decimal-based file sizes
8.3 Decimal timestamps in malware behavior
8.4 Decimal infection rates
8.5 Decimal-based process IDs
8.6 Decimal detection scores
8.7 Decimal-based sandbox results
8.8 Decimal memory usage
8.9 Decimal prevalence rates
8.10 Decimal-based IOC counts

9. Firewall and IDS/IPS Management
9.1 Decimal rule priorities
9.2 Decimal-based port filtering
9.3 Decimal logging frequencies
9.4 Decimal-based connection counts
9.5 Decimal false positive/negative rates
9.6 Decimal alert thresholds
9.7 Decimal packet inspection rates
9.8 Decimal-based policy IDs
9.9 Decimal timeouts in rules
9.10 Decimal-based rule hit counts

10. Security Policies and Procedures
10.1 Decimal versioning of policies
10.2 Decimal-based compliance rates
10.3 Decimal periodic reviews
10.4 Decimal-based policy IDs
10.5 Decimal time intervals for audits
10.6 Decimal-based exception tracking
10.7 Decimal policy effectiveness metrics
10.8 Decimal percentage of policy adherence
10.9 Decimal-based corrective action counts
10.10 Decimal risk reduction factors

11. User and Entity Behavior Analytics (UEBA)
11.1 Decimal anomaly scores
11.2 Decimal-based activity frequencies
11.3 Decimal thresholds for user alerts
11.4 Decimal baseline calculation
11.5 Decimal-based risk scores
11.6 Decimal event counts per user
11.7 Decimal time deviations
11.8 Decimal-based peer comparison
11.9 Decimal percentage changes
11.10 Decimal aggregation of entity behaviors

12. Security Event Triage
12.1 Decimal-based triage scoring
12.2 Decimal incident prioritization
12.3 Decimal urgency indicators
12.4 Decimal response time targets
12.5 Decimal false alarm rates
12.6 Decimal-based escalation levels
12.7 Decimal event grouping
12.8 Decimal resource allocation
12.9 Decimal-based ticket aging
12.10 Decimal distribution analysis

13. Security Metrics and Reporting
13.1 Decimal KPIs
13.2 Decimal-based SLA tracking
13.3 Decimal incident closure rates
13.4 Decimal trend analysis
13.5 Decimal mean/median calculations
13.6 Decimal-based reporting intervals
13.7 Decimal risk quantification
13.8 Decimal progress tracking
13.9 Decimal-based compliance percentages
13.10 Decimal error margins

14. Playbooks and Automation
14.1 Decimal-based playbook steps
14.2 Decimal automation success rates
14.3 Decimal execution times
14.4 Decimal-based task priorities
14.5 Decimal error rates in automation
14.6 Decimal time saved metrics
14.7 Decimal-based workflow IDs
14.8 Decimal playbook versioning
14.9 Decimal automation coverage
14.10 Decimal manual intervention rates

15. Endpoint Security Monitoring
15.1 Decimal-based endpoint counts
15.2 Decimal event rates per endpoint
15.3 Decimal detection rates
15.4 Decimal-based risk scores
15.5 Decimal threat prevalence
15.6 Decimal response times
15.7 Decimal endpoint patch levels
15.8 Decimal incident frequency
15.9 Decimal endpoint health scores
15.10 Decimal-based policy adherence

16. Cloud Security Operations
16.1 Decimal-based asset counts
16.2 Decimal cloud event rates
16.3 Decimal-based access controls
16.4 Decimal incident rates in cloud
16.5 Decimal-based compliance scores
16.6 Decimal cloud resource utilization
16.7 Decimal session durations
16.8 Decimal cloud threat detection rates
16.9 Decimal-based SLA adherence
16.10 Decimal data transfer volumes

17. Forensics Fundamentals
17.1 Decimal-based evidence IDs
17.2 Decimal timestamp precision
17.3 Decimal data recovery rates
17.4 Decimal-based hash comparisons
17.5 Decimal evidence integrity scores
17.6 Decimal chain-of-custody steps
17.7 Decimal analysis timeframes
17.8 Decimal file size calculations
17.9 Decimal percentage of evidence reviewed
17.10 Decimal case closure rates

18. Ticketing and Case Management
18.1 Decimal-based ticket IDs
18.2 Decimal ticket closure rates
18.3 Decimal time-to-resolution
18.4 Decimal SLA compliance
18.5 Decimal case prioritization
18.6 Decimal escalation frequencies
18.7 Decimal case aging metrics
18.8 Decimal open case percentages
18.9 Decimal repeat case rates
18.10 Decimal documentation thoroughness

19. Security Awareness and Training
19.1 Decimal-based training completion rates
19.2 Decimal assessment scores
19.3 Decimal frequency of phishing simulations
19.4 Decimal improvement metrics
19.5 Decimal-based risk reduction calculations
19.6 Decimal tracking of training hours
19.7 Decimal attendance rates
19.8 Decimal-based knowledge retention
19.9 Decimal incident reduction post-training
19.10 Decimal policy acknowledgment rates

20. Data Loss Prevention (DLP)
20.1 Decimal-based policy IDs
20.2 Decimal event detection rates
20.3 Decimal false positive rates
20.4 Decimal-based incident counts
20.5 Decimal data flow volumes
20.6 Decimal violation frequencies
20.7 Decimal remediation times
20.8 Decimal policy effectiveness
20.9 Decimal user compliance rates
20.10 Decimal data exfiltration attempts

21. Managing Security Tools and Technologies
21.1 Decimal tool versioning
21.2 Decimal license usage
21.3 Decimal asset coverage
21.4 Decimal update frequencies
21.5 Decimal error rates in tools
21.6 Decimal integration counts
21.7 Decimal alert generation rates
21.8 Decimal mean time between failures
21.9 Decimal cost per asset
21.10 Decimal tool performance metrics

22. Security Operations Team Collaboration
22.1 Decimal-based shift scheduling
22.2 Decimal communication frequencies
22.3 Decimal task assignment rates
22.4 Decimal response time tracking
22.5 Decimal incident handover metrics
22.6 Decimal-based collaboration tool usage
22.7 Decimal conflict resolution rates
22.8 Decimal productivity measures
22.9 Decimal cross-team ticket counts
22.10 Decimal training hours per member

23. Legal and Regulatory Compliance
23.1 Decimal compliance percentages
23.2 Decimal frequency of audits
23.3 Decimal incident reporting times
23.4 Decimal-based control IDs
23.5 Decimal policy enforcement rates
23.6 Decimal penalty calculations
23.7 Decimal remediation frequencies
23.8 Decimal evidence retention periods
23.9 Decimal compliance gap analysis
23.10 Decimal regulatory change tracking

24. Encryption and Key Management
24.1 Decimal key lengths
24.2 Decimal certificate validity periods
24.3 Decimal encryption rates
24.4 Decimal key rotation frequencies
24.5 Decimal-based incident counts
24.6 Decimal decryption success rates
24.7 Decimal key usage tracking
24.8 Decimal-based audit trails
24.9 Decimal certificate distribution
24.10 Decimal compliance with encryption standards

25. Security Monitoring Architecture
25.1 Decimal-based asset counts
25.2 Decimal event flow rates
25.3 Decimal sensor deployment metrics
25.4 Decimal monitoring coverage
25.5 Decimal detection latency
25.6 Decimal alerting frequencies
25.7 Decimal redundancy percentages
25.8 Decimal false alarm rates
25.9 Decimal scaling factors
25.10 Decimal network segmentation counts

26. Attack Techniques and Tactics
26.1 Decimal-based technique IDs
26.2 Decimal occurrence rates
26.3 Decimal tactic success percentages
26.4 Decimal detection difficulty scores
26.5 Decimal duration of attacks
26.6 Decimal-based impact scoring
26.7 Decimal attacker persistence rates
26.8 Decimal user impact percentages
26.9 Decimal remediation times
26.10 Decimal reporting frequencies

27. Risk Management in SOC
27.1 Decimal risk scoring
27.2 Decimal impact probabilities
27.3 Decimal risk mitigation rates
27.4 Decimal-based asset risk values
27.5 Decimal threat likelihoods
27.6 Decimal risk reduction metrics
27.7 Decimal periodic risk assessments
27.8 Decimal risk acceptance rates
27.9 Decimal residual risk calculations
27.10 Decimal control effectiveness

28. Security Architecture Reviews
28.1 Decimal vulnerability detection rates
28.2 Decimal architecture component counts
28.3 Decimal-based risk scoring
28.4 Decimal compliance percentages
28.5 Decimal time allocation
28.6 Decimal issue resolution rates
28.7 Decimal architectural change counts
28.8 Decimal user impact analysis
28.9 Decimal cost estimation
28.10 Decimal improvement metrics

29. Threat Hunting Practices
29.1 Decimal-based hunt IDs
29.2 Decimal frequency of hunts
29.3 Decimal detection success rates
29.4 Decimal time spent per hunt
29.5 Decimal-based threat indicators
29.6 Decimal hypothesis testing rates
29.7 Decimal evidence collection percentages
29.8 Decimal remediation findings
29.9 Decimal hunt documentation thoroughness
29.10 Decimal improvement tracking

30. Phishing and Social Engineering Response
30.1 Decimal incident reporting rates
30.2 Decimal detection rates
30.3 Decimal user awareness percentages
30.4 Decimal response times
30.5 Decimal number of campaigns
30.6 Decimal false positive rates
30.7 Decimal phishing link click rates
30.8 Decimal training effectiveness
30.9 Decimal incident recurrence rates
30.10 Decimal remediation times

31. Security Patch Management
31.1 Decimal patch counts
31.2 Decimal deployment frequencies
31.3 Decimal patch success rates
31.4 Decimal failure rates
31.5 Decimal time-to-patch
31.6 Decimal asset coverage
31.7 Decimal patch compliance percentages
31.8 Decimal risk reduction per patch
31.9 Decimal regression incidents
31.10 Decimal patch prioritization scores

32. Use Case Development
32.1 Decimal-based use case IDs
32.2 Decimal detection rates
32.3 Decimal false positive/negative rates
32.4 Decimal event coverage
32.5 Decimal development time
32.6 Decimal use case success rates
32.7 Decimal refinement cycles
32.8 Decimal asset applicability
32.9 Decimal business impact scores
32.10 Decimal improvement metrics

33. Asset Management in SOC
33.1 Decimal asset IDs
33.2 Decimal risk ratings
33.3 Decimal asset coverage percentages
33.4 Decimal lifecycle stages
33.5 Decimal vulnerability exposure
33.6 Decimal asset discovery rates
33.7 Decimal asset type counts
33.8 Decimal asset performance metrics
33.9 Decimal asset update frequencies
33.10 Decimal decommissioning rates

34. Secure Remote Access Monitoring
34.1 Decimal remote session counts
34.2 Decimal login durations
34.3 Decimal failed login rates
34.4 Decimal incident rates
34.5 Decimal device compliance
34.6 Decimal access control effectiveness
34.7 Decimal MFA adoption rates
34.8 Decimal session timeouts
34.9 Decimal user coverage percentages
34.10 Decimal response times

35. Security Data Normalization
35.1 Decimal normalization rules
35.2 Decimal data fields
35.3 Decimal event frequency
35.4 Decimal data mapping rates
35.5 Decimal normalization error rates
35.6 Decimal log source counts
35.7 Decimal parsing success rates
35.8 Decimal time savings
35.9 Decimal data accuracy percentages
35.10 Decimal normalization completeness

36. Metrics-Driven SOC Improvement
36.1 Decimal KPI tracking
36.2 Decimal improvement targets
36.3 Decimal incident reduction rates
36.4 Decimal response time improvements
36.5 Decimal false positive decreases
36.6 Decimal tool performance metrics
36.7 Decimal training impact
36.8 Decimal process optimization percentages
36.9 Decimal customer satisfaction scores
36.10 Decimal reporting accuracy

37. SOC Communication Protocols
37.1 Decimal communication frequency
37.2 Decimal response time targets
37.3 Decimal escalation levels
37.4 Decimal incident notification rates
37.5 Decimal handover quality scores
37.6 Decimal approval rates
37.7 Decimal feedback metrics
37.8 Decimal protocol versioning
37.9 Decimal improvement tracking
37.10 Decimal cross-team communication rates

38. Secure Configuration Management
38.1 Decimal configuration item IDs
38.2 Decimal compliance rates
38.3 Decimal audit frequencies
38.4 Decimal misconfiguration rates
38.5 Decimal configuration change counts
38.6 Decimal rollback frequencies
38.7 Decimal configuration drift percentages
38.8 Decimal error rates
38.9 Decimal configuration baseline adherence
38.10 Decimal incident reductions

39. Insider Threat Detection
39.1 Decimal risk scoring
39.2 Decimal incident frequencies
39.3 Decimal detection latency
39.4 Decimal false positive rates
39.5 Decimal user behavior deviation
39.6 Decimal incident impact
39.7 Decimal investigation rates
39.8 Decimal remediation times
39.9 Decimal repeated offenses
39.10 Decimal reporting rates

40. Security Assessment and Auditing
40.1 Decimal assessment IDs
40.2 Decimal finding counts
40.3 Decimal remediation rates
40.4 Decimal audit frequencies
40.5 Decimal compliance percentages
40.6 Decimal risk reduction per audit
40.7 Decimal control effectiveness
40.8 Decimal assessment coverage
40.9 Decimal audit timeframes
40.10 Decimal improvement rates

41. Threat Intelligence Platform Management
41.1 Decimal indicator counts
41.2 Decimal integration rates
41.3 Decimal threat feed quality scoring
41.4 Decimal response times
41.5 Decimal feed update frequencies
41.6 Decimal indicator false positive rates
41.7 Decimal correlation counts
41.8 Decimal threat confidence scores
41.9 Decimal analyst usage rates
41.10 Decimal incident enrichment rates

42. SOC Maturity Modeling
42.1 Decimal maturity scores
42.2 Decimal improvement metrics
42.3 Decimal process coverage
42.4 Decimal gap analysis rates
42.5 Decimal best practice adoption
42.6 Decimal incident reduction per stage
42.7 Decimal automation levels
42.8 Decimal SLA adherence
42.9 Decimal benchmarking
42.10 Decimal continuous improvement tracking

43. SOC Budgeting and Resource Allocation
43.1 Decimal budget figures
43.2 Decimal resource allocation percentages
43.3 Decimal cost per incident
43.4 Decimal ROI calculations
43.5 Decimal asset coverage
43.6 Decimal training investment
43.7 Decimal technology spend
43.8 Decimal staffing ratios
43.9 Decimal efficiency gains
43.10 Decimal cost savings

44. Security Operations Documentation
44.1 Decimal document versioning
44.2 Decimal update frequencies
44.3 Decimal documentation coverage
44.4 Decimal accuracy rates
44.5 Decimal access control compliance
44.6 Decimal document retention periods
44.7 Decimal review cycles
44.8 Decimal documentation completeness
44.9 Decimal feedback rates
44.10 Decimal incident documentation rates

45. Third-Party Risk Management
45.1 Decimal third-party counts
45.2 Decimal risk scores
45.3 Decimal compliance rates
45.4 Decimal incident rates
45.5 Decimal SLA adherence
45.6 Decimal assessment frequencies
45.7 Decimal improvement rates
45.8 Decimal communication intervals
45.9 Decimal security rating metrics
45.10 Decimal contract compliance

46. Advanced Persistent Threat (APT) Detection
46.1 Decimal detection rates
46.2 Decimal attack timelines
46.3 Decimal persistence durations
46.4 Decimal false positive rates
46.5 Decimal incident impact scores
46.6 Decimal TTP tracking
46.7 Decimal response times
46.8 Decimal remediation efforts
46.9 Decimal reporting frequencies
46.10 Decimal containment success rates

47. SOC Disaster Recovery and Business Continuity
47.1 Decimal recovery time objectives
47.2 Decimal incident response times
47.3 Decimal backup frequencies
47.4 Decimal test success rates
47.5 Decimal plan update intervals
47.6 Decimal asset restoration rates
47.7 Decimal continuity coverage
47.8 Decimal plan activation rates
47.9 Decimal improvement metrics
47.10 Decimal communication times

48. Security Information Sharing
48.1 Decimal information sharing rates
48.2 Decimal indicator exchange frequencies
48.3 Decimal trust scoring
48.4 Decimal sharing success rates
48.5 Decimal incident reduction through sharing
48.6 Decimal partner counts
48.7 Decimal feedback rates
48.8 Decimal update intervals
48.9 Decimal compliance with sharing policies
48.10 Decimal enrichment from shared data

49. SOC Performance Review and Optimization
49.1 Decimal performance metrics
49.2 Decimal improvement rates
49.3 Decimal incident resolution times
49.4 Decimal detection effectiveness
49.5 Decimal response time improvements
49.6 Decimal false positive reduction
49.7 Decimal SLA adherence
49.8 Decimal analyst productivity
49.9 Decimal ticket closure rates
49.10 Decimal reporting accuracy

50. Emerging Trends in Security Operations
50.1 Decimal trend analysis
50.2 Decimal adoption rates of new tech
50.3 Decimal incident pattern changes
50.4 Decimal automation implementation
50.5 Decimal AI/ML detection rates
50.6 Decimal cloud migration percentages
50.7 Decimal threat evolution rates
50.8 Decimal training needs
50.9 Decimal tool integration rates
50.10 Decimal future skills gap metrics