Apr 28, 2026

Mastering Gen AI
Tools for SOC Analysts

Transform Cybersecurity with Agentic AI – Strengthen your systems with autonomous threat detection and attack simulations,
Real-World Applications & Live Demo – Build your own autonomous security workflows using tools like n8n and AutoGPT.
Free for the First 99 People! – Sign up now to secure your spot in game-changing training!

$01234567890 ,012345678900123456789001234567890

Free for the first 99 people!

Certified Training

CISA-listed cybersecurity trainings

Expert-led, niche training for practical applications

Companies Attended Trainings

HoursMinutesSeconds

https://socradar.io/trainings/wp-content/uploads/2025/08/cyber-security.png

Intermediate toAdvanced
SOC Analysts

Equip SOC Analysts with foundational and advanced understanding of Gen AI (Generative AI) and LLMs (Large Language Models) in cybersecurity.

Mastering Gen AI Tools for SOC Analysts

Training Details

Training Duration

180

Exam Requirement

Certificate Support

Yes

Module	Curriculum
	1.1 Introduction to AI and Machine Learning in Cybersecurity Overview of AI concepts and their real-world applications in threat detection and prevention. Differences between LLMs (GPT, LLaMA, Claude, DeepSeek) and their cybersecurity implications. Learning Objective: Understand core AI concepts, LLM capabilities, and their relevance to SOC operations.
Module 1 Foundations of AI & LLMs for Cybersecurity	1.2 Understanding LLMs (Large Language Models) Architecture and mechanisms of LLMs: transformers, self-attention, fine-tuning. Local Deployment: Setting up LLMs locally using LLMStudio and Pinokio. Cloud Deployment: Utilizing OpenAI, Anthropic, HuggingFace for security analysis. Key Tools: langchain, llama.cpp, transformers. Hands-On Lab: Deploy a local LLM and perform a security-focused prompt (e.g., summarizing a malware report). Lab Setup: Requirements: Python, Docker, LLMStudio. Tasks: Install dependencies and configure LLMStudio. Deploy an LLM locally and generate a malware analysis summary. Compare results with cloud-based models.
	1.3 Common Issues and Limitations Hallucinations: Why LLMs generate false information and how to mitigate it. Security implications of model misuse and ethical considerations. Learning Objective: Recognize LLM limitations and apply best practices to mitigate risk.
Module 2 AI for Cybersecurity vs. Cybersecurity for AI	2.1 Securing AI Systems Attack vectors: prompt injection, model evasion, data poisoning, and model theft. OWASP Top 10 for LLMs and MITRE ATLAS for AI threats. Open-source tools for red-teaming AI: Garak, Giskard, AdvBench. Hands-On Lab: Perform a red-team exercise: attempt prompt injection on a local LLM. Generate SIEM queries and parse logs using ChatGPT and LLMStudio. Lab Setup: Requirements: Local LLM, Python scripts for log parsing. Tasks: Deploy a vulnerable LLM instance. Test prompt injection techniques and observe outcomes. Write SIEM query prompts and analyze results.
	2.2 Applying AI for Security Operations AI for CISO decision support, IR automation, and pentesting. Basics and advanced techniques in Prompt Engineering. Prompting for log analysis, malware triage, and policy drafting. Learning Objective: Understand how AI augments decision-making and incident response in SOC operations.
	3.1 Offensive AI Techniques Deepfakes and voice cloning for social engineering. AI-generated phishing attacks (DarkWebGPT, WormGPT). Malware development assistance using CodeGen and AI.
Module 3 Threat Actor Use of AI	3.2 Real-World Scenarios and Labs Simulating a phishing attack with AI-generated emails. Crafting malware templates using LLMs (in a controlled environment). Analyzing AI-generated disinformation campaigns.
	Hands-On Lab: Use DeepFaceLab to understand deepfake creation and detection. Generate a phishing email with WormGPT simulation. Lab Setup: Requirements: DeepFaceLab, WormGPT. Tasks: Clone a voice and generate a fake call. Craft a phishing email template using AI.
	4.1 Practical AI Applications in SOC Phishing Triage & IOC Extraction. Automated Windows/Linux log parsing. EDR telemetry analysis. DDoS attack insights using AI for tcpdump analysis. Playbook generation for Incident Response.
Module 4 Advanced SOC & IR Use Cases	4.2 Extended Use Cases Scenario creation for Tabletop Exercises. SOC Playbook automation with AI. Interview question generation for new SOC hires. Creating onboarding plans and incident response templates.
	Hands-On Lab: Prompt an AI to generate an IR Playbook for a ransomware incident. Parse Windows Event Logs using AI for anomaly detection.
	5.1 Threat Intelligence with AI Using LLMs for threat actor profiling and TTP mapping. Campaign clustering and dark web monitoring automation.
Module 5 Threat Actor Use of AI	5.2 Compliance Monitoring and Reporting AI-driven compliance mapping (NIST, ISO 27001, GDPR). Drafting policies with AI assistance.
	5.3 Building AI Agents & Automated Workflows Introduction to Agentic AI: Tracecat, n8n, CrewAI. Multi-agent workflows for SOC operations.

Training Goals

Hands-on Labs, Demos, and Interactive Discussions.

Demonstrate how threat actors exploit AI for offensive strategies and how SOC teams can counteract these with defensive AI techniques.

Empower SOC Analysts to automate routine tasks, accelerate incident response, and optimize threat detection using AI.

Introduce AI Agents for automating SOC workflows and real-time threat intelligence.

Ensure compliance understanding while leveraging AI for regulatory adherence.

https://socradar.io/trainings/wp-content/uploads/2025/08/ai-7-6.png

https://socradar.io/trainings/wp-content/uploads/2023/08/grid-scaled.png

Apply Now to Secure Your Spot – Limited Seats Available!

bt_bb_section_top_section_coverage_image

Frequently Asked Questions

Who should attend this training?

This training is ideal for SOC analysts, cybersecurity engineers, researchers, red-teamers, and AI-curious security professionals aiming to integrate real-world AI tools and agentic systems into their operational environments.

What topics are covered in the training?

The training covers LLM foundations, cloud vs local deployment, prompt engineering, AI red teaming, deepfake/phishing simulation, SOC automation (log parsing, playbook generation), threat intelligence clustering, compliance automation, and building AI agents using tools like n8n, Tracecat, and LLMStudio.

How long is the training program?

The core program spans 2 intensive day, structured into 5 modules with theory and hands-on labs. Participants can revisit content asynchronously, with full access to resources and lab environments.

What is the cost of the training?

Free for SOCRadar Customers, Partners, and the First 99 Applicants!

Will there be any hands-on exercises or practical workshops?

Absolutely. Every module includes lab sessions—such as deploying LLMs locally, crafting phishing emails with AI, generating IR playbooks, simulating prompt injections, parsing logs, and building multi-agent security workflows using real tools like LLMStudio, WormGPT, and Tracecat.

How can SOCRadar's tools and services be utilized in this training?

SOCRadar’s threat intel feeds, CVE insights, and brand monitoring data can be integrated into GenAI workflows using techniques covered in the training (like RAG, IOC enrichment, and automated bot monitoring), making threat detection and reporting even more contextual and actionable.

Is there any certification provided upon completion?

Yes. A certificate of completion is issued after participants complete the hands-on labs and key modules, which can be used to validate AI literacy in cybersecurity operations and shared on professional platforms.