TryHackMe: SOC Level 1 Path – Complete Walkthrough Overview

As I have written more and more walkthroughs on the SOC Level 1 Path, I thought it would be a great idea to collect all of them on one page. So here you go 🙂

UPDATE: November 2025
I realize that this path has changed significantly since I started this post. I am working on revamping it. I have currently reached the Phishing Analysis section.

About the SOC Level 1 path

In the Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time triaging or monitoring the event logs and alerts.

The responsibilities of a Junior Security Analyst or Tier 1 SOC Analyst include the following:

  • Monitor and investigate alerts (most of the time, it’s a 24×7 SOC operations environment)
  • Configure and manage security tools
  • Develop and implement IDS signatures
  • Escalate the security incidents to the Tier 2 and Team Lead if needed

Prerequisites

You need a basic understanding of fundamental computing principles and a broad understanding of the different areas of cyber security to complete this pathway. If you do not already have these prerequisites, complete the Pre-Security Pathway and Intro To Cyber Security Pathway.

My Walkthroughs on the revised SOC Level 1 Path

Blue Team Introduction

Start your defensive security career by exploring the Blue Team and its core – the Security Operations Centre (SOC). You’ll learn why defensive security is essential and how it helps organisations stay protected against attacks.

This module immerses you in the work of a Security Operations Centre, where you’ll learn how both humans and systems become attack vectors, and how analysts detect and respond in real time. Through hands-on scenarios, you’ll gain practical insight into defending organisations from cyber attacks and explore SOC roles, tools, and skills needed to begin your journey as a Junior Security Analyst.

TryHackMe: Junior Security Analyst Intro Walkthrough (SOC Level 1)

SOC Role in Blue Team

Humans as Attack Vectors

Systems as Attack Vectors

SOC Team Internals

Explore the essential SOC analyst skills to help you triage, classify, and escalate alerts in real-world SOC environments.

This module is built around the central concept of any SOC team – security alerts. You will learn to triage and classify alerts, document findings, write reports, and follow proper escalation and communication procedures. These skills will help you build confidence for TryHackMe SOC-SIM and your first months in a real SOC team.

SOC L1 Alert Triage

SOC L1 Alert Reporting

SOC Workbooks and Lookups

SOC Metrics and Objectives

SOC Simulator: Introduction to Phishing

Core SOC Solutions

Understanding security solutions is key for SOC analysts. This module covers SIEM, EDR and SOAR, the core security solutions used in a SOC.

This module starts by building knowledge of Endpoint Detection and Response (EDR) solutions, which detect advanced threats on endpoints and offer response capabilities. You will then learn the foundations of Security Information and Event Management (SIEM) solutions and work hands-on with Splunk and the Elastic Stack. Lastly, you will learn how any SOC can automate its repetitive functions and streamline incident handling using a Security Orchestration, Automation, and Response (SOAR) solution.

Introduction to EDR

Introduction to SIEM

Splunk: The Basics

Elastic Stack: The Basics

Introduction to SOAR

Cyber Defence Frameworks

Learn how defensive frameworks, such as Pyramid of Pain, Cyber Kill Chain, and MITRE, help you understand adversarial behaviour and harden detection, triage, and response.

This module examines attack stages and adversary techniques through widely used frameworks. You will follow real-world incident steps and analyse investigative methods that fit organisational policies. By the end, you will be able to map telemetry to frameworks, create framework-driven triage notes, and apply these models to improve your team’s detection and containment workflows.

TryHackMe: Pyramid Of Pain Walkthrough

TryHackMe: Cyber Kill Chain Walkthrough

TryHackMe: Unified Kill Chain Walkthrough

TryHackMe: MITRE Walkthrough

TryHackMe: Summit Walkthrough

TryHackMe: Eviction Walkthrough

Phishing Analysis

Learn how to analyse and defend against phishing emails. Investigate real-world phishing attempts using a variety of techniques.

In this module, you will learn to analyze various phishing attacks hands-on. From examining an email’s source properties to reviewing malicious phishing attachments, you will investigate real-world examples of attacks in the industry. You will also discover how adversaries launch phishing campaigns and learn how you can defend your organization against them.

Phishing Analysis Fundamentals

Phishing Emails in Action

Phishing Analysis Tools

Phishing Prevention

<- Reworked until here, more coming soon ->

The Greenholt Phish

Snapped Phish-ing Line

Phishing Unfolding

Network Traffic Analysis

Coming

Network Security Monitoring

TryHackMe: Snort Walkthrough (SOC Level 1)

Coming later

Web Security Monitoring

Coming later

Windows Security Monitoring

Coming later

Linux Security Monitoring

Coming later

Malware Concepts for SOC

Coming later

Threat Analysis Tools

Coming later

SIEM Triage for SOC

Definitely coming, but not right now 😉

SOC Level 1 Capstone Challenges

Definitely coming, but not right now 😉

Older version of the SOC Level 1 Path:

Network Security and Traffic Analysis (old version)

TryHackMe: Traffic Analysis Essentials Walkthrough (SOC Level 1)

TryHackMe: Snort Walkthrough (SOC Level 1)

TryHackMe: Snort Challenge; The Basics Walkthrough (SOC Level 1)

TryHackMe: Snort Challenge; Live Attacks (SOC Level 1)

TryHackMe: NetworkMiner (SOC Level 1)

TryHackMe: Zeek (SOC Level 1)

TryHackMe: Zeek Exercises (SOC Level 1)

TryHackMe: Brim (SOC Level 1)

TryHackMe: Wireshark: The Basics (SOC Level 1)

TryHackMe: Wireshark: Packet Operations (SOC Level 1)

TryHackMe: Wireshark: Traffic Analysis

TryHackMe: TShark: The Basics Walkthrough (SOC Level 1)

TryHackMe: TShark: CLI Wireshark Features Walkthrough (SOC Level 1) 

TryHackMe: TShark Challenge I: Teamwork Walkthrough (SOC Level 1) 

TryHackMe: TShark Challenge 2: Directory Walkthrough (SOC Level 1)

Cyber Threat Intelligence (old version)

TryHackMe: Intro to Cyber Threat Intel Walkthrough (SOC Level 1)

TryHackMe: Threat Intelligence Tools Walkthrough (SOC Level 1)

TryHackMe: Yara Walkthrough (SOC Level 1)

TryHackMe: OpenCTI Walkthrough (SOC Level 1)

TryHackMe: MISP Walkthrough (SOC Level 1)

TryHackMe: Friday Overtime Walkthrough (SOC Level 1)

TryHackMe: Trooper Walkthrough (SOC Level 1)

Endpoint Security Monitoring (old version)

TryHackMe: Intro to Endpoint Security Walkthrough (SOC Level 1) 

TryHackMe: Core Windows Processes Walkthrough (SOC Level 1) 

TryHackMe: Sysinternals Walkthrough (SOC Level 1)

TryHackMe: Windows Event Logs Walkthrough (SOC Level 1)

TryHackMe: Sysmon (SOC Level 1)

TryHackMe: Osquery: The Basics (SOC Level 1)

TryHackMe: Wazuh Walkthrough (SOC Level 1)

Like my articles?

You are welcome to give my article a clap or two 🙂
I would be even more grateful if you support me by buying me a cup of coffee:

Buy me a coffee

I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link:

https://referral.hackthebox.com/mzwwXlg

4 Comments

  1. Hi! I hope you enjoy my list of walkthroughs. I am currently working on the revised path, and will slowly add new versions of all rooms. Phew! Be sure to connect with me on LinkedIn. I don’t bite! 🙂
