SHADOWXLAB
SOC / NOC Job Simulator • Mini Demo
SOC-360 LIVE INCIDENT VIEW
People • Process • Technology – the way real SOCs run daily.
Day 0 • Training Mode
Read-only • Safe to explore
  • Total Alerts (Last Hour): 0 (All Sources)
  • Open Incidents: 0 (Watch)
  • Critical / High Alerts: 0 (Risk Focus)
  • SLA – Response within 15 mins: 98% (Healthy)
Incident Queue
Pick an alert and walk through real-world troubleshooting.
Training Mode • 0 Resolved
ID | Event | Severity | Device | Site | Status

Hint: If you have to explain it in an interview – which alert would you pick first and why?

Your L1 Runbook
Select an incident from the left to begin.
AI Assistant: guides you, but you still think like an engineer.
Context
• Choose an alert from the queue.
• Read the scenario, run checks, and mark it resolved.
• This is exactly how the Day-0 simulator feels – just lighter.
Linux
Networking
Security
L1 Checklist
  • 1. Select an incident from the left panel.
  • 2. Tell the interviewer: what the impact is and which users/branches are affected.
  • 3. Decide: can L1 fix it, or should it be escalated to L2 / Security?
Investigation Notes / Sample Logs
Select an incident to view sample commands / log snippets.

Example interview line:
"As an L1 SOC analyst, I first check the SIEM event details,
correlate with firewall / server logs, and then follow the
documented playbook before escalating."
          
People • Process • Technology
How your SOC actually moves the alert to closure.
People – Roles on this Incident
  • SOC L1 – Trainee
    First triage, basic checks
    You
  • SOC L2
    Deep analysis, tuning
    Standby
  • Incident Manager
    Communication + business priority
    Paged if P1

Interview tip: Explain who you talk to – not just which tool you open.

Process – Where are we in the run?
  • 1. Detect & triage in SIEM.
  • 2. Validate impact with network / server checks.
  • 3. Contain / workaround (block, failover, restart, etc.).
  • 4. Document in ticket & update stakeholders.
  • 5. Lessons learnt (use for tuning & training).
Technology – Tool Stack Snapshot
  • SIEM / Log Platform: Ingesting events ✓
  • Firewall / WAF: Policies synced ✓
  • EDR / AV: Agents healthy ✓
  • Ticketing System: SLA timer running ✓
  • Email Security: Phish campaign detected !
  • DNS / Proxy: Blocking risky domains ✓

Answer like this: “For this alert I will use SIEM + firewall + OS logs, and finally update the ticketing tool.”