Blue Team Resources
Blue Team Resources

Learning Material

1) SOC Experts Resources –

Just need to register and upload your Resume. You will get access to many free resources such as CV samples and Interview Q&A which will definitely help you crack the SOC Analyst Interview. You can also apply to the Jobs once you’ve uploaded your Resume.

2) Simplilearn Free –

Simplilearn’s SkillUp platform is offering you 3 free courses from a huge catalogue of course and you will get a certificate for completing each course. You can refer your friends with a referral code and get access to unlimited courses.

3) Picus Purple Academy –

Picus is another great company offering free courses at Picus Purple Academy. You can learn the MITRE ATT&CK Framework, some important Tactics and Techniques and also about other Security Solutions. Picus also has an Attack Simulation Platform which you can check out.

4) DFIR Academy –

The link above gives you access to free course with Proof of Completion. DFIR Diva created this resource and is very famous for Digital Forensics and Incident Response.

5) Splunk Training –

Splunk offers Free Training for Splunk Enterprise which you can leverage and learn the platform. You can also download the free tool by Signing up and then get Enterprise access for 2 months after which, you can use the Free license.

6) The Daily Swig News-

Maintained by PortSwigger famous for its Web Application Attack Simulation and Testing Platform, it has a great UI for the latest Cybersecurity news around the world.

7) The Hacker News –

Any news related to hacking, first comes on this website. You can also register on their free Telegram Channel.

8) SOC Investigation –

Here is a Q&A resource for SOC Analysts maintained by SOC Investigation. Some great Questions that you can refer to before preparing for an interview.

9) Fortinet NSE Institute –

Fortinet NSE1 and NSE2 certification is free and there is a quiz at the end of each module that you will need to pass. It gives you knowledge about all the latest technologies in a modern Security Environment.

10) Splunk Architecture –

If you’re using Splunk, you must check this blog. They have the latest architecture diagram for a Distributed Splunk Environment along with all the information related to Splunk Architecture.

11) Splunk Interview Q&A –

SIEM Expert maintains this Q&A related to Splunk which is very informative and useful before going to an interview that requires you to have in depth knowledge about Splunk and its components. Suitable for Splunk Analysts and Admins.

12) Windows Security Logs –

This website is the encyclopedia for Windows Logs. You can find information about each and every Windows Event that is there. Another great resource for Security Analysts.

13) Infosec Train –


Another great resource maintained by InfoSecTrain that has the top most and frequently asked SOC Interview Q&A.

15) SOC Prime MITRE ATT&CK –!/

This page has an in-depth mapping of the MITRE ATT&CK framework with all kinds of details for each Technique. SOC Prime is another great organization that helps provide free Correlation Rules for Use cases of all kinds for most of the SIEM tools available in the market.

16) SOC Prime Use Cases –

These are some Use Cases that can be mapped to most of the SIEM tools.

17) SOC Prime Sigma Rules –!/

Sigma Rules is a repository of rules that can be mapped to any SIEM tool with easy transformations.

18) Splunk BOTSv1 –

19) Splunk BOTSv2 –

20) Splunk BOTSv3 –

If you’re using Splunk, you need to know about BOTS (Boss of the SOC) which is a data set that can be integrated with Splunk by just copy pasting and installing necessary Add-On’s for mapping. Once that’s done, you can start analyzing the data and figure out various types of attacks hidden in these large data sets.

21) Hunting with Splunk –

This resource complements with Splunk BOTS dataset and gives you details and search commands for the various types of attacks that have taken place in the data set. It is very informative and a place to start with for learning Hunting with Splunk.

22) Splunk Use Cases by CyberY –

Some uses cases created by CyberY for Splunk. There are around 80 such correlation rules that you can implement straight away.

23) Zelster Incident Log Review Checklist –

Maintained by Zelser, this cheat sheet presents a checklist for reviewing critical logs when
responding to a security incident. It can also be used for routine log

24) Malware Analysis Use Cases by SOC Investigation:

If you’re an Incident Responder or SOC Analyst, then SOC Investigation is the go to resource for all types of attacks and their detection and response. I have given a link to the tool Any.Run in the tools section. You can use that and analyze malware in the Any.Run Interactive sandbox.

25) Malware AutoStart Locations for IR using Autoruns –

Autrouns is a part of sysinternals tools developed by Microsoft. It gives us a detailed view of all programs that are configured to Autostart. This blog post can be used to find out commonly used Malware AutoStart Locations for Incident Response.

26) Official Documentation from CIS Security:

The log4j Java application programming interface (API) provides a structured mechanism for logging. It is primarily used to send logging output to a central log file or other destination, such as a database, though it can also send messages to individual files or to the console. The default configuration of an Apache web server has log4j configured as its logging framework.

27) Detecting Log4j exploit with Splunk:

This blog post is a part of Splunk’s Log4j response.

28) Rapid 7 Cyber Security Fundamentals:

All Cybersecurity fundamentals in one page that you can go through. I would definitely suggest everyone to have a look at this. Just an amazing resource.

29) Palo Alto Cortex XSOAR Use Cases:

For all the SOAR Engineers, you should know about Palo Alto Cortex XSOAR and they have written Use Cases for almost all categories for their tools. Navigate through the resource and gain full knowledge of all integrations and playbooks that are present for XSOAR.

30) IT Masters Edu Free Phishing Course:

The best Phishing Course I have come across for both Analysts and Red Teamers who conduct Phishing Campaigns in their organization. It has 4 modules and IT Master Edu have other free courses as well.

31) Scanning your own host using Nessus:

Many people including me have faced an issue when scanning the same Windows host or another host using Nessus. Hopefully this resource will help.

32) MITRE CAR (Cyber Analytics Repository):

Developed by MITRE Corporation, the analytics detect ATT&CK techniques using data from various sensors. Both Blue Teamers and Purple Teamers can use it.

33) Writing YARA Rules:

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. This resource lists down instructions on how to write rules. You can also share your YARA rules that you write with the community and help them in detecting malware on the system. TryHackMe also has a seperate room for learning YARA.

34) Windows Event Log Samples:

Use this and download sample Windows Event Logs and start analyazing them. There are in the standard EVTX Format.

35) OSQuery Schema:

If you’re using OSQuery, you can use this to understand the schema and write your statements accordingly. It has all the tables for all the versions. TryHackMe also provides a seperate room for OSQuery.

Some other links for OSQuery are below that you can use:

Do check them out 🙂

36) Sec Repo: Samples for various types of Security:

In this Repository, you get data samples of all types of logs that you can analyze and gain hands-on experience with in your SIEM Tool.