Cyber-attacks, breaches, and incidents continue to grow. The sophistication and complexity of these attacks continue to evolve. More than ever organizations need to plan, prepare, and defend against a potential cyber incident. Security Operation Centers (SOCs) act as an organization's front-line defense against cyber incidents. SOC analyst accomplishes this by monitoring and responding to network and host anomalies, performing an in-depth analysis of suspicious events, and when necessary, aiding in forensic investigations. This course is designed to be a primer for anyone planning on taking the EC-Council CSA course. We will discuss the structure, organization, and general daily activities of SOC analysts. We will also look at several defensive tools including SEIMs, IDS, and IPS. We will talk about event monitoring and vulnerability management. Finally, we will talk about what to expect when an incident happens.