Defensive Security

Blue Team

Investigate real incident cases in the SOC Hub: forensics, malware analysis, detection and response. Measure it with NIST NICE/CSF 2.0 mapping and a SOC performance score.

Start defending

What's covered

Six defensive disciplines built around realistic, case-driven SOC scenarios.

Incident Response

Triage, containment and eradication — work real incident chains end to end.

Digital Forensics (DFIR)

Memory/disk analysis, registry, prefetch, EVTX — KAPE, Hayabusa, MemProcFS.

Malware Analysis

Behavioural analysis of maldocs, RATs, ransomware and stealer samples.

Detection & Monitoring

SIEM, log analysis, Sigma/YARA, threat hunting and MITRE ATT&CK detection mapping.

Hardening

Windows/Linux baselines, CIS and GPO to shrink the attack surface.

Threat Intelligence

APT groups, TTPs and campaign analysis with ATT&CK association.

Work a case like a real SOC

Every SOC Hub case walks the full incident lifecycle — and scores you at each step.

Detect

An alert fires in the SOC Hub case.

Triage

Scope severity and prioritise.

Investigate

Pivot through logs, memory and disk.

Respond

Contain, eradicate and recover.

Report

Document findings and IOCs.

A measurable SOC performance score

Defensive skill shouldn't be a gut feeling — we turn it into a number.

Accuracy

Correct answers across investigation tasks and IOCs.

Case completion

How much of each incident case you work to closure.

0–100 SOC score

A single, comparable readiness number across all blue-team content.

Mapped to NIST & MITRE

Blue-team content is mapped across NIST NICE work-role categories and CSF 2.0 functions, with detections tied to MITRE ATT&CK techniques, turning practice into a skills framework leaders can report against.

Career paths

Structured tracks that build job-ready defenders, step by step.

SOC Analyst

Detection, triage and incident handling from L1 to L2.

DFIR Specialist

Deep forensics across memory, disk and Windows artefacts.

Threat Intel Analyst

APT tracking, TTP analysis and ATT&CK-driven reporting.

0–100

SOC Performance score (accuracy + case completion)

Try It Now

Why CyberExam for Blue Teams?

  • SOC Hub: real, case-based, task-driven blue-team scenarios
  • Skill maps across NIST NICE categories & CSF 2.0 functions
  • SOC Performance score computed across all blue-team content
  • Hands-on DFIR labs (KAPE, Hayabusa, MemProcFS)
  • SOC Analyst & Threat Intelligence career paths

Ready to defend?

Open your first SOC Hub case and start raising your readiness score.

Start defending