Paid Program — Enrollment Open

Build an Enterprise SOC from zero.

A complete training program on building a fully operational Security Operations Center using open-source tools. 20 recorded sessions. AI-powered triage layer. Live Q&A. No fluff.

20 video sessions · 15+ hours of content · 4 learning phases · 6 open-source tools · 2 months of AI SOC Platform access

What makes this different

Most SOC training teaches you tools in isolation. This program is built from actual client deployments.

You're not just learning how Wazuh works. You're learning how to walk into a client meeting, scope the engagement, design the architecture, deploy the stack, wire everything together, validate detection coverage, and hand over a production SOC.

Plus you get 2 months of hands-on access to the Secure Sleuths AI SOC Platform — an AI-powered triage layer built on top of Wazuh that handles alert enrichment, correlation, natural language SIEM queries, and closed-loop detection tuning. This is not a demo. It's the same platform running in production for our managed SOC clients.

You won't find this combination anywhere else right now.

Tools you'll master
Wazuh · Suricata · MISP · Catalyst / TheHive · Slack / Telegram · Docker
Your Differentiator

The AI Layer That Changes Everything

As part of this program, you get 2 months of hands-on access to the Secure Sleuths AI SOC Platform — an AI-powered operations layer of 4,800+ lines of code, built on top of Wazuh.

🤖 AI Alert Triage

Every alert gets AI-powered analysis with enrichment from AbuseIPDB, AlienVault OTX, behavioral baselines, and historical context. Not a bolted-on copilot. Core architecture.

🔎 Natural Language SIEM Queries

Ask your SIEM questions in plain English. "Show me all machines that communicated with this IP in the last 24 hours." "What alerts fired from this subnet overnight?"

🔁 Closed-Loop Detection Tuning

The platform proposes rule changes based on triage outcomes and auto-tunes confidence thresholds per rule. Self-improving detection.

🎯 Threat Hunting

Hypothesis-driven hunts based on MITRE coverage gaps with executable queries.

📄 Incident Grouping & Case Management

Automatic alert grouping, timeline, assignment, merge, and full lifecycle management.

Active Response

9 response actions with verification. Block IPs, isolate hosts, kill processes, quarantine files.

🛡 Vulnerability Management

Integrated CVE detection, remediation commands, and remote fix execution with verification.

This is not a sandbox with sample data. You'll be running this on your own Wazuh deployment by the end of the training.
[Screenshot: SecureSleuths AI SOC Dashboard — overview showing triage stats, trend chart, and noisiest rules]
Full Curriculum

What you'll learn

Four phases that take you from the initial client meeting to a hardened, production-ready SOC with validated detection coverage.

PHASE 1 · Planning & Architecture (6 sessions)

00 · Program Overview — What You're About to Build
The complete roadmap. From zero to a fully operational SOC — what you'll build, why it works, and how the series fits together.
~14 min · Available

01 · Client Meeting & SOC Requirements Gathering
Before you touch a server — understanding scope, stakeholders, compliance needs, and the questions that prevent six-figure disasters.
~34 min · Available

02A · SOC Architecture Design — Choosing Your Tools
Selecting and defending your open-source SOC stack. Honest comparison of Catalyst vs TheHive, and why each tool earned its place.
~17 min · Available

02B · SOC Architecture Design — Patterns, Data Flow & Network Design
Three architecture patterns by scale, full data flow mapping, network design with firewall rules, and a client-ready design document.
~14 min · Coming Soon

03A · Infrastructure Sizing — EPS, Storage & Server Specs
Calculating exactly what you need. EPS estimation, per-component sizing for Wazuh, Suricata, MISP — numbers, not guesses.
~14 min · Coming Soon

03B · Infrastructure Sizing — Deployment Models & Cost Breakdown
Where it runs and what it costs. On-prem vs cloud, OS preparation, and the numbers that win budget meetings.
~14 min · Coming Soon

PHASE 2 · Core Deployment (2 sessions)

04 · Wazuh Deployment — Server, Indexer, Dashboard
The core of your SOC. Step-by-step deployment of the Wazuh stack, post-install hardening, TLS, passwords, and health verification.
~15 min · Coming Soon

05 · Wazuh Agent Deployment & Enrollment
Getting eyes on every endpoint. Windows and Linux agents, syslog collection for network devices, and agent group management.
~14 min · Coming Soon

PHASE 3 · Detection & Response (7 sessions)

06A · Custom Rules, Decoders & Alert Tuning (Part 1)
Making Wazuh actually useful. Rule anatomy, custom decoders, and why 10,000 alerts per day helps nobody.
~12 min · Coming Soon

06B · Custom Rules, Decoders & Alert Tuning (Part 2)
Alert tuning, decoder deep dive, and MITRE ATT&CK coverage mapping with the Navigator heatmap.
~8 min · Coming Soon

07A · Incident Response Platform — Catalyst & TheHive (Part 1)
When an alert becomes an incident, you need a war room. Catalyst deployment, ticket templates, reactions, and timeline workflows.
~13 min · Coming Soon

07B · Incident Response Platform — Catalyst & TheHive (Part 2)
TheHive walkthrough, Wazuh integration scripts (Python), and a live end-to-end incident response workflow demo.
~14 min · Coming Soon

08 · MISP — Threat Intelligence Setup & Feeds
Know your enemy before they know you. MISP deployment, threat feed configuration, and Wazuh integration for IOC matching.
~14 min · Coming Soon

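To make the "Wazuh integration for IOC matching" step concrete, here is an added example (not the program's own integration script) of the core of such a lookup: a MISP indicator set is turned into an index, observables are pulled out of Wazuh alert records, and each alert is checked against the index. The MISP attributes and Wazuh alerts in the block are constructed samples shaped like a trimmed MISP attribute export and like records from Wazuh's alerts.json; the IPs and hashes are documentation-range values, not real intel.

```python
"""IOC matching: look up Wazuh alert observables in a MISP indicator set.

Added example, not the program's own integration script. The MISP attributes
and Wazuh alerts below are constructed samples shaped like a trimmed MISP
attribute export and like records from Wazuh's alerts.json.
"""
import json
import sys

# Constructed MISP attributes (not real threat intel).
SAMPLE_MISP_ATTRIBUTES = [
    {"event_id": "1042", "type": "ip-src", "value": "203.0.113.7", "to_ids": True},
    {"event_id": "1042", "type": "ip-dst|port", "value": "198.51.100.3|443", "to_ids": True},
    {"event_id": "1043", "type": "sha256", "to_ids": True,
     "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"event_id": "1044", "type": "ip-src", "value": "192.0.2.10", "to_ids": False},  # context only
]

# Constructed Wazuh alerts (rule ids and descriptions mirror Wazuh's built-in ruleset).
SAMPLE_ALERTS = [
    {"rule": {"id": "5710", "level": 5, "description": "sshd: Attempt to login using a non-existent user"},
     "agent": {"id": "001", "name": "web01"}, "data": {"srcip": "203.0.113.7", "srcuser": "admin"}},
    {"rule": {"id": "554", "level": 5, "description": "File added to the system."},
     "agent": {"id": "002", "name": "db01"},
     "syscheck": {"path": "/tmp/.x", "event": "added",
                  "sha256_after": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"}},
    {"rule": {"id": "5715", "level": 3, "description": "sshd: authentication success."},
     "agent": {"id": "001", "name": "web01"}, "data": {"srcip": "192.0.2.10", "dstuser": "deploy"}},
]


def build_ioc_index(attributes):
    """Map (kind, value) -> MISP event ids. Only attributes flagged to_ids are
    used; composite types such as ip-dst|port are split so the IP alone matches."""
    index = {}
    for attr in attributes:
        if not attr.get("to_ids"):
            continue
        atype, value = attr["type"], attr["value"]
        if atype.startswith("ip-"):
            key = ("ip", value.split("|", 1)[0])
        elif atype in ("md5", "sha1", "sha256"):
            key = ("hash", value.lower())
        else:
            continue  # domains, URLs, etc. would get their own kind here
        index.setdefault(key, []).append(attr["event_id"])
    return index


def extract_observables(alert):
    """Collect IPs and file hashes from the fields Wazuh decoders populate."""
    obs = set()
    data = alert.get("data", {})
    for field in ("srcip", "dstip"):
        if data.get(field):
            obs.add(("ip", data[field]))
    syscheck = alert.get("syscheck", {})
    for field in ("md5_after", "sha1_after", "sha256_after"):
        if syscheck.get(field):
            obs.add(("hash", syscheck[field].lower()))
    return obs


def match_iocs(alert, index):
    """Return one hit per (observable, MISP event); empty list when clean."""
    hits = []
    for kind, value in sorted(extract_observables(alert)):
        for event_id in index.get((kind, value), []):
            hits.append({"kind": kind, "value": value, "misp_event": event_id,
                         "rule_id": alert.get("rule", {}).get("id"),
                         "agent": alert.get("agent", {}).get("name")})
    return hits


if __name__ == "__main__":
    # Wazuh's integratord passes the alert file path as the first argument to a
    # custom integration script; with no argument, run on the constructed samples.
    index = build_ioc_index(SAMPLE_MISP_ATTRIBUTES)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            alerts = [json.load(fh)]
    else:
        alerts = SAMPLE_ALERTS
    for alert in alerts:
        for hit in match_iocs(alert, index):
            print(json.dumps(hit))
```

Two details matter in practice: the `to_ids` flag is honoured so that context-only attributes (the third sample alert's source IP) never raise a match, and hashes are case-normalised because syscheck and MISP do not agree on case. Fetching the attributes from a live MISP instance and writing hits back where Wazuh re-ingests them are deployment-specific and left out here.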
09 · Integration — Wazuh + TheHive + MISP + Slack/Telegram
The glue episode. End-to-end wiring, alert notifications, MISP enrichment flow, and a complete attack chain demo.
~14 min · Coming Soon

10 · Network Security Monitoring with Suricata
Watching the wire. Suricata deployment, SPAN/TAP placement, custom rules, EVE JSON parsing, and Wazuh integration.
~14 min · Coming Soon

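The "EVE JSON parsing" item above is the kind of thing that is easier to see than to describe, so here is an added example (not from the program's materials) of what a first pass over Suricata's eve.json looks like: keep only `alert` events, normalise the fields a SIEM cares about, and derive two things a SOC uses on day one, the noisiest signatures (the input to tuning) and sources hitting many hosts with the same signature. The EVE lines in the block are constructed samples in Suricata's EVE format, not captured traffic; the signature ids and names are real Emerging Threats/GPL rules but the events are made up.

```python
"""Parse Suricata EVE JSON, keep alert events, summarise the noisiest signatures.

Added example (not from the program's own materials). The EVE lines below are
constructed samples, not captured traffic.
"""
import json
from collections import Counter

# Constructed eve.json excerpt: one flow record, three alerts, one corrupt line.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":51234,"dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":51235,"dest_ip":"10.0.0.6","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}
not json at all
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":44000,"dest_ip":"198.51.100.3","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":1}}
"""


def parse_eve_alerts(text):
    """Return (alerts, skipped). Only event_type == "alert" records are kept.
    Unparsable lines are counted in `skipped`; flow/dns/http records are simply
    ignored, because they are normal EVE output rather than errors."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if rec.get("event_type") != "alert" or not isinstance(rec.get("alert"), dict):
            continue
        sig = rec["alert"]
        alerts.append({
            "ts": rec.get("timestamp"),
            "sid": sig.get("signature_id"),
            "rev": sig.get("rev"),
            "signature": sig.get("signature"),
            "category": sig.get("category"),
            "severity": sig.get("severity"),   # Suricata: 1 is the most severe
            "src_ip": rec.get("src_ip"),
            "src_port": rec.get("src_port"),
            "dest_ip": rec.get("dest_ip"),
            "dest_port": rec.get("dest_port"),
            "proto": rec.get("proto"),
        })
    return alerts, skipped


def noisiest_signatures(alerts, top=5):
    """Alert count per (sid, signature), most frequent first: the tuning backlog."""
    return Counter((a["sid"], a["signature"]) for a in alerts).most_common(top)


def scanner_candidates(alerts, min_targets=2):
    """Sources that triggered the same signature against >= min_targets hosts."""
    targets = {}
    for a in alerts:
        targets.setdefault((a["src_ip"], a["sid"]), set()).add(a["dest_ip"])
    return sorted(k for k, seen in targets.items() if len(seen) >= min_targets)


if __name__ == "__main__":
    alerts, skipped = parse_eve_alerts(SAMPLE_EVE)
    print(f"{len(alerts)} alerts parsed, {skipped} corrupt lines skipped")
    for (sid, name), n in noisiest_signatures(alerts):
        print(f"{n:>4}  {sid}  {name}")
    print("scanner candidates:", scanner_candidates(alerts))
```

Reading `eve.json` line by line with a tolerant parser is the right model because Suricata appends continuously and a truncated final line is normal, not a fault. In a Wazuh deployment the agent reads the same file as JSON log input and the built-in Suricata rules fire on it; the aggregation functions here mirror the "noisiest rules" view you would otherwise build as a dashboard.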
PHASE 4 · Operations & Handover (5 sessions)

11 · SOC Dashboards, Reports & KPIs
If you can't measure it, you can't improve it. Building dashboards in Wazuh, defining KPIs, and automated weekly reports.
~14 min · Coming Soon

12A · Playbooks, Runbooks & SOC Processes (Part 1)
Tools without process are just expensive chaos. SOC team structure, L1/L2/L3 roles, shift models, and IR playbook design.
~13 min · Coming Soon

12B · Playbooks, Runbooks & SOC Processes (Part 2)
Daily/weekly/monthly task calendars, escalation matrices, documentation templates, and operational checklists.
~12 min · Coming Soon

13 · Testing & Purple Team Validation
Trust but verify. Does your SOC actually detect anything? Attack simulation, detection gap analysis, and coverage scoring.
~15 min · Coming Soon

14 · Client Handover, Training & Documentation
Series finale. Making it stick — documentation deliverables, client training tiers, and the complete handover process.
~15 min · Coming Soon

What's included

Everything you need to go from zero to a production SOC.

🎥

20 Recorded Sessions

15+ hours of detailed, no-fluff video content. Watch at your own pace, rewind, rewatch. Lifetime access to all recordings — current and future updates.

🤖

AI SOC Platform — 2 Months

Hands-on access to the Secure Sleuths AI SOC Platform. AI-powered alert triage, closed-loop detection, natural language SIEM queries — running on your Wazuh deployment. Same platform our managed SOC clients use in production.

📞

Live Q&A — Every 2 Weeks

Group call with the instructor every 2 weeks. Bring your deployment questions, architecture decisions, troubleshooting problems. Get direct answers.

💬

Direct Deployment Support

Stuck on something between Q&A calls? Message me directly. I'll help you work through deployment issues, configuration problems, and architecture decisions.

📊

Templates & Documents

SOC requirements templates, architecture documents, IR playbooks, runbooks, KPI dashboards, and config files — ready to customize for your clients.

🛠

Real-World Architecture

Not theory. Actual deployment patterns used in production SOCs. Design documents, config files, and scripts included with every session.

💻

Hands-On Labs

Every session includes terminal walkthroughs, live deployments, and configurations you can follow step-by-step.

Who is this for?

MSSP / MDR Founders

Build a repeatable, scalable SOC delivery model for your clients. This is the exact process used in real client engagements.

Security Consultants

Add SOC deployment as a service to your practice. Walk in with a proven methodology, walk out with a new revenue stream.

SOC Analysts & Engineers

Level up from operating a SOC to building one from scratch. Understand the full picture — architecture, deployment, tuning, and handover.

IT Teams Wearing the Security Hat

Stand up proper security monitoring without a massive budget. Open-source tools, real architecture, no enterprise license fees.


Prathamesh Bakliwal

Founder, Secure Sleuths · Wazuh Ambassador for India

Runs a managed SOC practice serving clients across fintech, healthtech, edtech, and research. Has deployed Wazuh-based security operations for organizations handling sensitive data. Built the AI SOC Platform (4,800+ lines) that auto-triages alerts, tunes detection rules, and hunts threats autonomously.

This program is the exact process used in production client engagements — not a course built from documentation. Every session comes from real deployments.

Pricing

One-time payment. Everything included.

₹44,999
$499 USD
One-time · Lifetime access to recordings
  • 20 recorded sessions (lifetime access)
  • AI SOC Platform access (2 months)
  • Live Q&A calls every 2 weeks
  • Direct deployment support
  • All templates, scripts, and config files

EMI available: 3 monthly payments of ₹15,000

UPI · Bank Transfer · Wise (international) · PayPal

After the 2 months, you can continue AI SOC Platform access on a monthly plan. Details shared during the program.

Ready to build your SOC?

Enroll now and get immediate access to available sessions, plus 2 months of hands-on access to the AI SOC Platform. New episodes released as they're recorded — you'll be notified as each one drops.

Enroll Now →