TRYHACKME · SOC LEVEL 1 PATH

Learning to Defend. One Room at a Time.

Documenting my journey through the TryHackMe SOC Level 1 learning path — 65 rooms across 14 modules covering blue team fundamentals, threat intelligence, SIEM, network & endpoint monitoring, malware analysis, and incident response.

1 Room Done · 65 Total Rooms · 14 Modules
thm — soc-level-1
01

Path Progress

OVERALL COMPLETION
SOC Level 1
TryHackMe Learning Path · 14 Modules · 65 Rooms
1 / 65 rooms complete (about 1.5%)
1 room done · 1 module active · 64 remaining · 14 total modules
CURRENT STATUS
ACTIVE MODULE
Blue Team Introduction
1 of 5 rooms completed
▶ UP NEXT
SOC Role in Blue Team
Blue Team Introduction · Room 2 of 5
▶ IN PROGRESS
MODULE 01
Blue Team Introduction
Start your defensive security career by exploring the Blue Team and the Security Operations Centre (SOC). Understand why defensive security is essential.
Junior Security Analyst Intro · SOC Role in Blue Team · Humans as Attack Vectors · Systems as Attack Vectors
20% — 1 of 5 rooms
⬜ UPCOMING
MODULE 02
SOC Team Internals
Explore the essential SOC analyst skills to help you triage, classify, and escalate alerts in real-world SOC environments.
SOC L1 Alert Triage · Alert Reporting · SOC Workbooks · SOC Metrics · Intro to Phishing
0% — not started
⬜ UPCOMING
MODULE 03
Core SOC Solutions
This module covers SIEM, EDR and SOAR — the core security solutions used in every SOC. Understanding these tools is essential for any analyst.
Intro to EDR · Intro to SIEM · Splunk: The Basics · Elastic Stack: The Basics · Intro to SOAR
0% — not started
⬜ UPCOMING
MODULE 04
Cyber Defence Frameworks
Learn how frameworks such as Pyramid of Pain, Cyber Kill Chain, and MITRE ATT&CK help you understand adversarial behaviour and harden detection and response.
Pyramid of Pain · Cyber Kill Chain · Unified Kill Chain · MITRE · Summit · Eviction
0% — not started
⬜ UPCOMING
MODULE 05
Threat Analysis Tools
Understand how to leverage threat intelligence to detect, investigate and defend against adversaries using enrichment techniques and analysis workflows.
Intro to Cyber Threat Intel · File & Hash Threat Intel · IP & Domain Threat Intel · Invite Only
0% — not started
⬜ UPCOMING
MODULE 06
Network Traffic Analysis
Learn the basics of network traffic analysis and get hands-on with Wireshark to detect various types of attacks through packet inspection.
Network Traffic Basics · Wireshark: Basics · Wireshark: Packet Ops · Wireshark: Traffic Analysis · NetworkMiner
0% — not started
⬜ UPCOMING
MODULE 07
Network Security Monitoring
Learn about key fundamentals of Network Security — monitoring perimeters and analysing network traffic for footprints of MITM, discovery, and exfiltration attacks.
Network Security Essentials · Network Discovery Detection · Data Exfiltration Detection · MITM Detection · IDS Fundamentals · Snort
0% — not started
⬜ UPCOMING
MODULE 08
Web Security Monitoring
Learn how to protect and monitor the web ecosystem — detecting web attacks, web shells, and DDoS through log and traffic analysis.
Web Security Essentials · Detecting Web Attacks · Detecting Web Shells · Detecting Web DDoS
0% — not started
⬜ UPCOMING
MODULE 09
Windows Security Monitoring
Learn how Windows logging works and use it to detect common Windows attacks — all through real-world examples and hands-on threat detection labs.
Windows Logging for SOC · Windows Threat Detection 1 · Windows Threat Detection 2 · Windows Threat Detection 3
0% — not started
⬜ UPCOMING
MODULE 10
Linux Security Monitoring
Learn how Linux logging works and use it to detect common Linux attacks through real-world examples and challenging hands-on detection labs.
Linux Logging for SOC · Linux Threat Detection 1 · Linux Threat Detection 2 · Linux Threat Detection 3
0% — not started
⬜ UPCOMING
MODULE 11
Malware Concepts for SOC
Learn to identify common malware types, understand their purpose, analyse files, and detect Living Off the Land attacks using trusted Windows tools.
Malware Classification · Intro to Malware Analysis · Living Off the Land Attacks · Shadow Trace
0% — not started
⬜ UPCOMING
MODULE 12
Phishing Analysis
Learn how to analyse and defend against phishing emails. Investigate real-world phishing attempts using email headers, URLs, and attachment analysis.
Phishing Fundamentals · Phishing Emails in Action · Phishing Analysis Tools · Phishing Prevention · The Greenholt Phish · Snapped Phish-ing Line · Phishing Unfolding
0% — not started
⬜ UPCOMING
MODULE 13
SIEM Triage for SOC
Explore how SIEM solutions detect early signs of attacks, investigate SOC alerts, and correlate logs from multiple sources to build an incident timeline.
Log Analysis with SIEM · Alert Triage With Splunk · Alert Triage With Elastic · ItsyBitsy · Benign
0% — not started
⬜ UPCOMING
MODULE 14
SOC L1 Capstone Challenges
Investigate critical incidents and apply all the skills needed to be an effective SOC analyst while handling various real-world artefacts and attack chains.
Tempest · Boogeyman 1 · Boogeyman 2 · Boogeyman 3
0% — not started
02

Completed Rooms

01 ✓ DONE EASY
Junior Security Analyst Intro
MODULE 01 — Blue Team Introduction
Play through a day in the life of a Security Analyst and experience their everyday duties. Covers the SOC structure, analyst responsibilities, alert triage workflow, and how Tier 1/2/3 analysts work together to respond to incidents.
SOC WORKFLOW ALERT TRIAGE BLUE TEAM L1 ANALYST
02 ▶ NEXT EASY
SOC Role in Blue Team
MODULE 01 — Blue Team Introduction
Discover security roles and learn how to advance your SOC career, starting from the L1 analyst. Explores the different positions within a SOC and the skills needed to grow.
SOC ROLES · CAREER PATH · BLUE TEAM
03 ⬜ LOCKED EASY
Humans as Attack Vectors
MODULE 01 — Blue Team Introduction
Understand why and how people are targeted in cyber attacks and how the SOC helps defend them. Social engineering, phishing, and human-layer threats.
SOCIAL ENGINEERING · HUMAN THREATS
04 ⬜ LOCKED EASY
Systems as Attack Vectors
MODULE 01 — Blue Team Introduction
Learn how attackers exploit vulnerable and misconfigured systems, and how you can protect them. Covers attack surfaces and basic hardening concepts.
ATTACK SURFACE · HARDENING · VULNERABILITIES
03

Skills Gained

SOC Analyst Workflow
Understanding the day-to-day responsibilities of a Tier 1 SOC analyst — monitoring dashboards, receiving alerts, triaging events, and escalating to higher tiers when needed.
Junior Security Analyst Intro
Alert Triage Fundamentals
The basic process of reviewing and prioritizing security alerts — distinguishing true positives from false positives, and understanding how urgency and severity are assessed.
Junior Security Analyst Intro
Blue Team Structure
How a Security Operations Centre is organized — the roles of Tier 1, 2, and 3 analysts, the escalation path, and how the SOC interacts with the broader security team.
Junior Security Analyst Intro
SOC Career Paths
Understanding how to grow from L1 analyst to L2, L3, and beyond — skills, certifications, and specializations needed at each stage.
COMING SOON
Cyber Defence Frameworks
Pyramid of Pain, Cyber Kill Chain, Unified Kill Chain, Diamond Model, and MITRE ATT&CK — the foundational models every SOC analyst uses.
MODULE 04
SIEM & Log Analysis
Using Splunk and Elastic Stack to query logs, correlate events, triage alerts, and investigate incidents from a centralized platform.
MODULES 03 + 13
04

Learning Roadmap

MODULE 01 · 5 ROOMS · IN PROGRESS
Blue Team Introduction
Junior Security Analyst Intro ✓ · SOC Role in Blue Team · Humans as Attack Vectors · Systems as Attack Vectors
▶ ACTIVE — 1/5 rooms
MODULE 02 · 6 ROOMS
SOC Team Internals
SOC L1 Alert Triage · SOC L1 Alert Reporting · SOC Workbooks and Lookups · SOC Metrics and Objectives · Introduction to Phishing
⬜ NOT STARTED
MODULE 03 · 6 ROOMS
Core SOC Solutions
Introduction to EDR · Introduction to SIEM · Splunk: The Basics · Elastic Stack: The Basics · Introduction to SOAR
⬜ NOT STARTED
MODULE 04 · 7 ROOMS
Cyber Defence Frameworks
Pyramid of Pain · Cyber Kill Chain · Unified Kill Chain · MITRE · Summit · Eviction
⬜ NOT STARTED
MODULE 05 · 5 ROOMS
Threat Analysis Tools
Intro to Cyber Threat Intel · File and Hash Threat Intel · IP and Domain Threat Intel · Invite Only
⬜ NOT STARTED
MODULE 06 · 6 ROOMS
Network Traffic Analysis
Network Traffic Basics · Wireshark: Basics · Wireshark: Packet Ops · Wireshark: Traffic Analysis · NetworkMiner
⬜ NOT STARTED
MODULE 07 · 7 ROOMS
Network Security Monitoring
Network Security Essentials · Network Discovery Detection · Data Exfiltration Detection · Man-in-the-Middle Detection · IDS Fundamentals · Snort
⬜ NOT STARTED
MODULE 08 · 5 ROOMS
Web Security Monitoring
Web Security Essentials · Detecting Web Attacks · Detecting Web Shells · Detecting Web DDoS
⬜ NOT STARTED
MODULE 09 · 5 ROOMS
Windows Security Monitoring
Windows Logging for SOC · Windows Threat Detection 1 · Windows Threat Detection 2 · Windows Threat Detection 3
⬜ NOT STARTED
MODULE 10 · 5 ROOMS
Linux Security Monitoring
Linux Logging for SOC · Linux Threat Detection 1 · Linux Threat Detection 2 · Linux Threat Detection 3
⬜ NOT STARTED
MODULE 11 · 5 ROOMS
Malware Concepts for SOC
Malware Classification · Intro to Malware Analysis · Living Off the Land Attacks · Shadow Trace
⬜ NOT STARTED
MODULE 12 · 8 ROOMS
Phishing Analysis
Phishing Fundamentals · Phishing Emails in Action · Phishing Analysis Tools · Phishing Prevention · The Greenholt Phish · Snapped Phish-ing Line · Phishing Unfolding
⬜ NOT STARTED
MODULE 13 · 6 ROOMS
SIEM Triage for SOC
Log Analysis with SIEM · Alert Triage With Splunk · Alert Triage With Elastic · ItsyBitsy · Benign
⬜ NOT STARTED
MODULE 14 · 5 ROOMS · FINAL
SOC Level 1 Capstone Challenges
Tempest · Boogeyman 1 · Boogeyman 2 · Boogeyman 3
⬜ NOT STARTED
05

Live Threat Feed

LIVE — ThreatFox API · auto-refresh every 60 min · source: ThreatFox · data freshness: last 24 h
Widget panels (live values load client-side): total IOCs (24h) · domains · IP:port · URLs · top malware families (last 24h) · threat intelligence snapshot: #1 most active malware, unique malware families, highest confidence IOCs, malware executables (exe), most common tag
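The widget above only shows the finished numbers. As an added example (not the page's own widget code, and not an abuse.ch script), the following reproduces those panels from a ThreatFox `get_iocs` response: it parses the JSON, keeps only indicators first seen within the last 24 hours, and counts IOC types, malware families, confidence and tags. The response is a constructed sample embedded in the script so it runs offline; the request shape (`POST https://threatfox-api.abuse.ch/api/v1/` with `{"query": "get_iocs", "days": 1}`), the `first_seen` timestamp format, and the use of an `Auth-Key` header are taken from the public ThreatFox API documentation as I know it. Two panel definitions are my assumptions: "highest confidence" is counted as `confidence_level == 100`, and "exe" as IOCs carrying an `exe` tag.

```python
"""Summarise ThreatFox IOCs the way the dashboard's Live Threat Feed does.

Added example, not the page's widget code. Assumptions: "highest confidence"
means confidence_level == 100; "exe" means an IOC tagged "exe".
"""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a ThreatFox get_iocs response. Addresses are
# RFC 5737 documentation ranges, names are reserved example domains, and the
# hashes are of the empty file: none of these are real indicators.
SAMPLE_RESPONSE = json.dumps({
    "query_status": "ok",
    "data": [
        {"ioc": "198.51.100.10:443", "ioc_type": "ip:port", "malware_printable": "Cobalt Strike",
         "confidence_level": 100, "first_seen": "2024-05-02 09:00:00 UTC", "tags": ["CobaltStrike", "c2"]},
        {"ioc": "update.example.net", "ioc_type": "domain", "malware_printable": "Cobalt Strike",
         "confidence_level": 75, "first_seen": "2024-05-02 08:30:00 UTC", "tags": ["c2"]},
        {"ioc": "http://203.0.113.7/loader.exe", "ioc_type": "url", "malware_printable": "RedLine Stealer",
         "confidence_level": 50, "first_seen": "2024-05-02 07:00:00 UTC", "tags": ["exe", "stealer"]},
        {"ioc": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "ioc_type": "sha256_hash",
         "malware_printable": "RedLine Stealer", "confidence_level": 100,
         "first_seen": "2024-05-02 06:00:00 UTC", "tags": ["exe"]},
        # ThreatFox returns "tags": null for untagged entries; the code must tolerate it.
        {"ioc": "192.0.2.44:8080", "ioc_type": "ip:port", "malware_printable": "Mirai",
         "confidence_level": 75, "first_seen": "2024-05-01 20:00:00 UTC", "tags": None},
        {"ioc": "cdn.example.org", "ioc_type": "domain", "malware_printable": "Cobalt Strike",
         "confidence_level": 100, "first_seen": "2024-05-01 13:00:00 UTC", "tags": ["c2", "CobaltStrike"]},
        # Two older entries that the 24-hour window must drop:
        {"ioc": "d41d8cd98f00b204e9800998ecf8427e", "ioc_type": "md5_hash", "malware_printable": "Mirai",
         "confidence_level": 25, "first_seen": "2024-04-30 10:00:00 UTC", "tags": ["exe"]},
        {"ioc": "http://192.0.2.99/gate.php", "ioc_type": "url", "malware_printable": "RedLine Stealer",
         "confidence_level": 90, "first_seen": "2024-05-01 11:00:00 UTC", "tags": ["c2"]},
    ],
})

# Fixed clock so the example is deterministic; a live run uses datetime.now(timezone.utc).
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)


def parse_response(raw):
    """Return the IOC list from a ThreatFox JSON body, or [] when there are no results."""
    body = json.loads(raw)
    status = body.get("query_status")
    if status == "no_result":
        return []
    if status != "ok":
        raise ValueError(f"ThreatFox query failed: {status!r}")
    return body["data"]


def first_seen(ioc):
    """Parse ThreatFox's 'YYYY-MM-DD HH:MM:SS UTC' timestamp into an aware datetime."""
    return datetime.strptime(ioc["first_seen"], "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


def recent(iocs, now, window=timedelta(hours=24)):
    """Keep IOCs first seen inside the window (the dashboard's 24H freshness cut)."""
    cutoff = now - window
    return [i for i in iocs if first_seen(i) >= cutoff]


def summarise(iocs, now, window=timedelta(hours=24), top_n=5):
    """Compute the widget's panels from a list of ThreatFox IOC records."""
    fresh = recent(iocs, now, window)
    by_type = Counter(i["ioc_type"] for i in fresh)
    families = Counter(i["malware_printable"] for i in fresh)
    tags = Counter(t for i in fresh for t in (i.get("tags") or []))
    return {
        "total": len(fresh),
        "domains": by_type["domain"],
        "ip_port": by_type["ip:port"],
        "urls": by_type["url"],
        "top_malware": families.most_common(top_n),
        "unique_families": len(families),
        "full_confidence": sum(1 for i in fresh if i["confidence_level"] == 100),  # assumption
        "exe": sum(1 for i in fresh if "exe" in (i.get("tags") or [])),            # assumption
        "top_tag": tags.most_common(1)[0][0] if tags else None,
    }


def fetch_iocs(days=1, auth_key=None):
    """Pull the last `days` days of IOCs from the live API (never called offline)."""
    import urllib.request
    headers = {"Content-Type": "application/json"}
    if auth_key:  # abuse.ch issues per-user Auth-Keys for API access
        headers["Auth-Key"] = auth_key
    req = urllib.request.Request("https://threatfox-api.abuse.ch/api/v1/",
                                 data=json.dumps({"query": "get_iocs", "days": days}).encode(),
                                 headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_response(resp.read().decode())


if __name__ == "__main__":
    for panel, value in summarise(parse_response(SAMPLE_RESPONSE), NOW).items():
        print(f"{panel:>16}: {value}")
```

Filtering on `first_seen` rather than trusting `days=1` alone means a stale indicator re-returned by the API is not counted as new activity; swapping `SAMPLE_RESPONSE` for `fetch_iocs(1, auth_key=...)` and `NOW` for the current UTC time turns this into the hourly refresh the widget performs.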