5-Day Instructor-Led Programme
The XSOC Certification Programme is the practitioner standard for SOC analysts who detect, investigate, and proactively hunt advanced threats across enterprise environments using SIEM, EDR, and cyber threat intelligence. Assessed on Day 6 through a supervised live hunt exercise culminating in a professional intelligence report: no multiple choice, no exam pressure, no question bank.
Duration
5 Days
Price
$7,494
Modern security operations demand more than alert triage and runbook execution. Threat actors blend into normal traffic, adapt their techniques constantly, and evade signature-based detection. The SOC analyst who follows only a playbook is perpetually behind. XSOC is built for professionals who want to operate at the front edge of detection: hunting proactively, engineering better detection logic, and producing intelligence that informs strategic decisions.
Across six instructor-led days, participants build capability across the complete SOC lifecycle: platform operations across Splunk, Microsoft Sentinel, and Elastic, detection engineering with Sigma and YARA, alert triage and investigation workflows, endpoint and cloud telemetry analysis, threat hunting methodology, and cyber threat intelligence integration. Every session uses real adversary behaviour drawn from current threat actor profiles and MITRE ATT&CK v14.
On Day 6, participants lead a live supervised hunt exercise against a simulated enterprise environment seeded with real threat actor behaviour. The senior practitioner observes methodology and assesses the intelligence report submitted. Certificate and Practitioner Assessment Report issued together. Aligned with MITRE ATT&CK v14, NCSC CAF Objective C, NIST CSF 2.0 Detect, UK DDaT Cyber Security job family, GovAssure, SOC-CMM, NIS2, and DORA.
Live SIEM exercises across Splunk, Sentinel, and Elastic, alert triage simulations, EDR telemetry analysis, Sigma and YARA detection rule authoring, threat hunting drills, and a full-day supervised hunt on Day 6.
Mentor-led sessions exploring real adversary TTPs from current threat actor profiles, detection engineering against ATT&CK v14, and professional intelligence report structure aligned to regulatory reporting obligations.
Operate as a practitioner-level SOC analyst capable of detection engineering, proactive threat hunting, and producing professional intelligence reports that inform board-level security decisions.
Design and implement detection rules aligned to MITRE ATT&CK v14 using Sigma, YARA, and native SIEM query languages across Splunk, Sentinel, and Elastic
Analyse endpoint, network, and cloud telemetry to identify indicators of compromise and adversary behaviour patterns
Lead hypothesis-driven threat hunting operations from scoping through evidence collection to structured intelligence findings
Manage investigation workflows across L1 to L3 SOC tiers with professional documentation and escalation standards
Integrate cyber threat intelligence from multiple sources into detection engineering and operational SOC processes
Produce professional intelligence reports and executive briefings aligned to NIS2, DORA, and NCSC CAF regulatory requirements
Minimum 12 months in a SOC, security operations, or IT infrastructure role with hands-on security exposure
Working knowledge of at least one SIEM platform: Splunk, Microsoft Sentinel, or Elastic
Basic understanding of TCP/IP networking, Windows and Linux operating systems
A clear view of the roles this programme supports, what typically comes next, and where learners progress over time
Typical next step: XCTI (Cyber Threat Intelligence Practitioner) for strategic intelligence capability, or XCISO for security leadership.
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
Custom quotes for teams and organisations
We come to you. Training delivered at your workplace for teams of 6 or more.
Custom pricing based on:
No obligation. Response within 1 business day.
Classroom training at a professional venue. Ideal for focused, immersive learning.
Custom pricing based on:
No obligation. Response within 1 business day.
Combine online and in-person learning for maximum flexibility and impact.
Timeline tailored to learner availability
Custom pricing based on:
No obligation. Response within 1 business day.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of XSOC – Xcademia SOC Analyst Practitioner, learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and recognised by employers across the UK defence and security sector.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
Both are MCQ exams. XSOC is six instructor-led days ending in a supervised live threat hunt and intelligence report on Day 6. Participants demonstrate actual detection and hunting capability. XSOC also covers three SIEM platforms (Splunk, Sentinel, and Elastic) versus the surface-level tool coverage in MCQ certs. The Practitioner Assessment Report documents exactly what each analyst demonstrated and who verified it.