WEEK_1 · DAY_03 · LAB

Lab 3 — Design Your Stack

Every tool in the modern SOC stack — and why Splunk sits at the centre


Lab Objectives

  • Map the modern SOC technology stack
  • Differentiate SIEM, EDR, NDR, SOAR, TIP, vulnerability management
  • Understand integration patterns (API, syslog, agent, webhook)
  • Know where Splunk Enterprise Security fits

Lab Instructions

  1. For a 5,000-employee fintech, list every tool category needed.
  2. Pick a specific product per category (SIEM, EDR, NDR, SOAR, TIP, Email, Identity, VM).
  3. Sketch the data flow: which tools send to Splunk, and how (agent / syslog / API / HEC).
  4. Identify the 10 highest-value log sources to onboard first.
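One way to work steps 2 to 4 as data rather than a whiteboard sketch, as an added example that is not part of the lab or the course material: the stack is modelled as a list of sources, each tagged with the ingestion pattern that carries its events into Splunk; a check flags any required category with no feed or any method outside the four patterns in step 3; sources are ranked for onboarding; and one event is wrapped the way Splunk's HTTP Event Collector expects it (`/services/collector/event`, `Authorization: Splunk <token>`, JSON envelope). Product names, sourcetype naming, the HEC host and the value/volume scores are placeholders and assumptions, not recommendations.

```python
"""Added example (not from the lab page): model a SOC stack as a data-flow map
into Splunk, check it for gaps, rank sources for onboarding, and show what an
HEC delivery looks like. Product names and scores are placeholders."""
from __future__ import annotations

import json
from dataclasses import dataclass

INGEST_METHODS = {"agent", "syslog", "api", "hec"}          # the four patterns in step 3
REQUIRED_CATEGORIES = {"EDR", "NDR", "SOAR", "TIP", "Email", "Identity", "VM"}


@dataclass(frozen=True)
class Source:
    category: str   # tool category or log source (the SIEM itself is the sink, not a source)
    product: str    # hypothetical placeholder product name
    method: str     # how its events reach Splunk: agent / syslog / api / hec
    value: int      # constructed 1-5 detection value, drives onboarding order
    volume: int     # constructed 1-5 relative event volume (ingest and retention cost)


# Constructed sample design for the 5,000-employee fintech; all scores are assumptions.
STACK = [
    Source("EDR", "edr-vendor", "api", 5, 4),
    Source("Identity", "idp-vendor", "api", 5, 2),
    Source("Windows", "win-servers", "agent", 5, 4),
    Source("NDR", "ndr-vendor", "syslog", 4, 5),
    Source("Email", "email-gateway", "api", 4, 3),
    Source("Firewall", "edge-firewall", "syslog", 4, 5),
    Source("Cloud", "cloud-audit-trail", "hec", 4, 3),
    Source("SOAR", "soar-vendor", "hec", 3, 1),
    Source("TIP", "tip-vendor", "api", 2, 1),
    Source("VM", "vuln-scanner", "api", 2, 2),
]


def validate(stack: list[Source]) -> list[str]:
    """Return design problems; an empty list means every required category feeds Splunk."""
    problems: list[str] = []
    seen: set[str] = set()
    for s in stack:
        if s.method not in INGEST_METHODS:
            problems.append(f"{s.category}: unsupported ingestion method '{s.method}'")
        if s.category in seen:
            problems.append(f"{s.category}: listed twice")
        seen.add(s.category)
    for cat in sorted(REQUIRED_CATEGORIES - seen):
        problems.append(f"{cat}: no product feeds Splunk")
    return problems


def onboarding_order(stack: list[Source], top_n: int = 10) -> list[str]:
    """Highest detection value first; lower-volume (cheaper) sources break ties."""
    ranked = sorted(stack, key=lambda s: (-s.value, s.volume, s.category))
    return [s.product for s in ranked[:top_n]]


def hec_envelope(src: Source, event: dict, index: str, epoch: float) -> dict:
    """Wrap one event in the JSON envelope Splunk's HEC event endpoint expects."""
    return {
        "time": epoch,
        "host": src.product,
        "source": src.product,
        "sourcetype": f"{src.category.lower()}:json",   # hypothetical sourcetype naming
        "index": index,
        "event": event,
    }


def hec_request(base_url: str, token: str, envelopes: list[dict]) -> tuple[str, dict, str]:
    """Build (url, headers, body) for a batched HEC POST; nothing is sent here.
    A batch is JSON objects concatenated in one body, and the token travels in
    the Authorization header, never in the URL or the query string."""
    url = base_url.rstrip("/") + "/services/collector/event"
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    body = "\n".join(json.dumps(e, separators=(",", ":")) for e in envelopes)
    return url, headers, body


if __name__ == "__main__":
    print("design problems:", validate(STACK) or "none")
    print("onboard first:", onboarding_order(STACK))
    cloud = next(s for s in STACK if s.category == "Cloud")
    env = hec_envelope(cloud, {"action": "ConsoleLogin", "result": "Failure"}, "cloud", 1700000000)
    url, headers, body = hec_request("https://splunk-hec.example.internal:8088", "<HEC_TOKEN>", [env])
    print(url, headers, body, sep="\n")
```

Running the module prints an empty problem list for the sample design, the ranked onboarding list, and the exact URL, headers and body a tool would POST to HEC; swap in your own product choices and scores from steps 2 and 4, and `validate` will tell you which category in the lab's list still has no path into the SIEM.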