Cloud SOC

Equip yourself with essential skills in detection, identification, and vulnerability analysis of attacks on cloud infrastructures.

Course Overview

For many organizations, the Security Operations Center (SOC) acts as the keeper of enterprise data, networks, and applications, regularly providing reports on network activity and potential threats. However, with more systems migrating to the cloud, SOC teams must be able to manage multiple streams of data–both internal and external–and effectively log and assess different threats and vulnerabilities within their cloud infrastructure.

CyberVista’s Cloud SOC course is a five-hour, 100% online program that provides training for security professionals in the detection and identification of attacks on their cloud infrastructures. Learners will become familiar with network captures and logging in both the AWS and Azure instances. Additionally, learners will be prepared to conduct further vulnerability analysis and cloud inventory discovery.

Participants will gain first-hand knowledge of the implications of cloud security in SOC with instruction led by a subject matter expert and industry leader in security operations.

  • 5 hours of on-demand training videos
  • Hands-on lab exercises in Azure and AWS
  • 15 question diagnostic exam
  • 15 question final exam
  • 15 knowledge check questions
  • Tool and shortcut handouts
  • Performance Tracker


It is recommended to have some basic knowledge of security systems and controls, as well as experience working with cloud platforms like Microsoft Azure and Amazon Web Services. Practitioners with a Security+ certification or those who have completed CyberVista’s Critical Knowledge course are suggested. For additional review in cloud security, CyberVista’s Cloud Security Essentials course could also be beneficial.

Relevant Training

There are several options to continue training following the Cloud SOC course, including:

Course Outline

Domain 1: Attack Overview and Network Captures

This unit covers attack lifecycles (Cyber Kill Chain, Mitre Att&ck Framework) and network captures and logs.

  • Attack Lifecycle Review
  • Network Captures and Logs

Domain 2: Logs Overview and Log Types

This unit introduces logging as a whole as well as various types of logs that security analysts will need while working in the cloud.

  • Log Overview
  • Cloud Logging
  • API Logging
  • Application Logging
  • Container Logs

Domain 3: Cloud Management and Vulnerability Analysis

This unit covers cloud inventory management, data discovery, and vulnerability analysis.

  • Cloud Inventory and Data Discovery
  • Vulnerability Analysis