| Domain | Weight | Topics |
|---|---|---|
| Security Monitoring & SIEM | 20% | Splunk and Elastic Stack configuration, SPL/KQL queries, alert tuning, dashboards |
| Log Analysis | 15% | Windows Event Logs (Sysmon, Security, System), Linux syslog, Apache/Nginx, DNS logs |
| Incident Response | 20% | IR lifecycle, containment/eradication/recovery, IOC extraction, timeline analysis |
| Threat Hunting | 15% | Hypothesis-driven hunting, behavioral detection, MITRE ATT&CK mapping |
| Digital Forensics | 15% | Memory forensics (Volatility), disk forensics, artifact analysis, chain of custody |
| Malware Triage | 10% | Static and dynamic analysis basics, YARA rules, sandbox analysis, IOC extraction |
| Network Traffic Analysis | 5% | Wireshark/Zeek/Suricata, protocol anomaly detection, C2 traffic patterns |