How to Use TryHackMe SOC SIM

This is a guide on how to use TryHackMe SOC SIM

Written by Blackout
Updated over a week ago

How Do I Access SOC SIM?

To access the SOC SIM, head over to here and select “Launch Simulator”.

How Do I Start a Scenario?

To start a scenario, press start on one of the following scenarios:

You will be prompted with this screen, whilst the VM and simulator load:

Once this has fully loaded, you will be prompted with this screen:

How Do I Assign An Alert?

To assign an alert, select “Alert Queue” which is on the left of the screen:

Once you are in the alert queue, you will have a few alerts pop up, depending on which scenario you are doing. Here you will be able to see all the alerts that have come in so far. You can click the drop-down arrow to expand an alert and see more information on how it came in:

To assign the alert, press the head icon on the right side to assign it to the “Assigned Alert”.

Your alert will now show up in “Assigned Alert(s)”.

How Do I Write A Case Report?

Once you have assigned alerts, you will be able to write a case report. The write case report option is above the assigned alert.

You will get a prompt to choose whether it’s a “True Positive” or “False Positive”:

  • True Positive (TP): The system correctly detects and alerts on an actual threat

  • False Positive (FP): The system incorrectly flags something as a threat that isn’t one

Once you have selected one of the options, you will be moved to this screen, where you can fill out the details of the alert and choose whether to escalate it:

Once you have filled out your report with the details, you can hit “Submit and close alert”.

After you have closed the alert, you will be sent back to the alert queue to look at more alerts and repeat the same process.

How Do I Finish the Scenario?

You will need to identify all the true positive alerts to pass the scenario.

Passed:

Once you have identified all True Positives, you will get this screen:

Failed:

You will get this screen if you ran out of time or were unable to identify all True Positives:

Having Issues?

Contact [email protected] to resolve any issues you may have with the SOC SIM.

Are you an existing B2B or EDU customer and still have questions?
Please reach out to your Customer Success Manager or Technical Support for assistance.

Interested in Learning if TryHackMe is Right for Your Organization?
Contact us at [email protected] to explore how TryHackMe could benefit your organization. Alternatively, you can book a meeting directly with our Sales team:
