SOCForge Beta

Launch. Triage. Defend.

A dynamic, ever-changing SOC simulator built to develop and sharpen real analyst skills.

What is SOCForge

A Live SOC Battleground That Evolves With Your Skills

SOCForge is not a course. There are no walkthroughs. Every session is a live organisation under attack, a growing queue of alerts and a threat that keeps moving. Launch your environment, triage what is coming in and defend what matters.

Launch

A unique organisation, a distinct threat profile and an alert queue already in motion.

Triage

Alerts spanning lateral movement, privilege escalation and exfiltration. Cut the noise and make your call.

Defend

Stop the attacker. MTTR, accuracy and MITRE coverage tracked every session as the difficulty keeps climbing.

SIEM — AcmeCorp Environment
● LIVE
CRITICAL 09:14:32

Lateral Movement Detected

SMB traffic from WORKSTATION-04 → DC01

HIGH 09:15:01

Privilege Escalation Attempt

Token impersonation on SRV-FINANCE

MEDIUM 09:15:44

Suspicious PowerShell Execution

Encoded command from user jsmith

MTTR: 4m 12s
Accuracy: 87%
Level: 3 — Tier II

The Environment Doesn't Stop. Neither Do the Threats.

Alerts fire as incidents develop. Attackers move laterally, escalate privileges and exfiltrate data whether you are watching or not. The SIEM will not tell you what matters. That is your job.

  • Alert queue evolves as the incident unfolds
  • Attackers follow realistic TTPs across the kill chain
  • No hints and no guided steps
  • True positives, false positives and missed attacks all scored
  • Scenario intensity scales with your analyst tier

Why SOCForge

Because Knowing Is Not the Same as Being Ready

Courses teach you how detection works. SOCForge keeps you sharp enough to actually do it. Every session pushes your limits so your skills never go stale.

Adaptive Difficulty

SOCForge raises the bar as you improve. More stages, more noise and harder attack chains until you start missing things.

  • Scenario intensity scales with your analyst tier
  • Multi-stage overlapping attack chains at higher levels
  • Noise-to-signal ratio increases as you improve
  • Full session history to track your progression

Real Metrics

Track Mean Time to Respond, detection accuracy, false positive rate and MITRE ATT&CK coverage across every session.

  • MTTR measured per alert and per session
  • Accuracy and false positive rate scored separately
  • Missed attacks count against you
  • MITRE ATT&CK coverage built up over time

Multiple Environments

Run several SOC environments simultaneously, each with a different organisation, threat actor and active incident set.

  • Multiple concurrent sessions with independent threat profiles
  • Unique organisation and incident set per environment
  • Sessions persist so you can resume where you left off
  • Compare your scoring across environments

Share Your Skills

Publish your analyst profile or a session report and show employers your actual performance numbers.

  • Public analyst profile with tier, MTTR and accuracy
  • Per-session reports shareable via a permanent link
  • One-click sharing to LinkedIn and X
  • Real performance data, not just a certificate

Performance Tracking

Four Metrics. No Hiding.

Every alert you touch feeds your scorecard. SOCForge holds you accountable to the same standards a real SOC lead would use to evaluate your performance.

Mean Time to Respond

How fast you close alerts, averaged across the session. Speed matters, but not at the cost of accuracy.

Detection Accuracy

How many alerts you called correctly as true positives. Your core triage skill measured under real pressure.

False Positive Rate

How often you escalated noise that was not a real threat. High rates burn analyst time and erode trust.

MITRE ATT&CK Coverage

The tactics and techniques you have encountered and triaged across all sessions. Your breadth as a detection analyst.

Beta

Currently in Beta

SOCForge is live and actively expanding. We are deepening the scenario engine, broadening MITRE ATT&CK coverage and building team-based SOC exercises. What ships next is shaped by the analysts using it now.

  • Live SIEM simulator with scored alert triage
  • Multiple concurrent SOC environments per analyst
  • MTTR, detection accuracy and MITRE ATT&CK coverage tracking
  • Shareable analyst profiles and per-session performance reports
  • Collaborative team SOC exercises (coming soon)

The Network Is Already Compromised

Your environment spins up mid-incident. Alerts are already firing. The attacker is already moving. How long before you catch them?

Available with a Rebel subscription