Blue Team
Investigate real incident cases in the SOC Hub: forensics, malware analysis, detection and response. Measure it with NIST NICE/CSF 2.0 mapping and a SOC performance score.
What's covered
Six defensive disciplines built around realistic, case-driven SOC scenarios.
Incident Response
Triage, containment and eradication — work real incident chains end to end.
Digital Forensics (DFIR)
Memory/disk analysis, registry, prefetch, EVTX — KAPE, Hayabusa, MemProcFS.
Malware Analysis
Behavioural analysis of maldocs, RATs, ransomware and stealer samples.
Detection & Monitoring
SIEM, log analysis, Sigma/YARA, threat hunting and MITRE detection mapping.
Hardening
Windows/Linux baselines, CIS and GPO to shrink the attack surface.
Threat Intelligence
APT groups, TTPs and campaign analysis with ATT&CK association.
Work a case like a real SOC
Every SOC Hub case walks the full incident lifecycle — and scores you at each step.
Detect
An alert fires in the SOC Hub case.
Triage
Scope severity and prioritise.
Investigate
Pivot through logs, memory and disk.
Respond
Contain, eradicate and recover.
Report
Document findings and IOCs.
A measurable SOC performance score
Defensive skill shouldn't be a gut feeling — we turn it into a number.
Accuracy
Correct answers across investigation tasks and IOCs.
Case completion
How much of each incident case you work to closure.
0–100 SOC score
A single, comparable readiness number across all blue-team content.
Mapped to NIST & MITRE
Blue-team content is mapped across NIST NICE work-role categories and CSF 2.0 functions, with detections tied to MITRE ATT&CK — turning practice into a skills framework leaders can report against.
Career paths
Structured tracks that build job-ready defenders, step by step.
SOC Analyst
Detection, triage and incident handling from L1 to L2.
DFIR Specialist
Deep forensics across memory, disk and Windows artefacts.
Threat Intel Analyst
APT tracking, TTP analysis and ATT&CK-driven reporting.
Why CyberExam for Blue Teams?
- SOC Hub: real, case-based, task-driven blue-team scenarios
- Skill maps across NIST NICE categories & CSF 2.0 functions
- SOC Performance score computed across all blue-team content
- Hands-on DFIR labs (KAPE, Hayabusa, MemProcFS)
- SOC Analyst & Threat Intelligence career paths
