TryHackMe Security Analyst Level 1
TryHackMe's hands-on SOC analyst certification using a realistic SOC simulator that mirrors the flow of triage, analysis, and reporting. Targets entry-level Tier 1 SOC roles and complements BTL1 in the practical-blue-team space. 24-hour exam combining knowledge checks with live alert investigation and structured incident reporting. Strong portfolio signal for SOC analyst, incident responder, and detection engineer applicants.
What you'll prove
- Triage and investigate security alerts in a realistic SOC simulator environment
- Perform log analysis across SIEM, endpoint, and network telemetry sources
- Apply MITRE ATT&CK mapping to observed adversary behaviors
- Conduct phishing investigation and email header analysis
- Document incident findings in a professional analyst report
- Escalate incidents following Tier 1 to Tier 2 SOC procedures
Frequently asked
How much does TryHackMe SAL1 cost?
$349 USD with 3 months of Premium access and one free retake included. Premium subscribers get a 15% discount.
SAL1 vs BTL1 — which is better for SOC roles?
Both are practical blue team certs. BTL1 is a 24-hour open-book lab-based incident simulation with broader practitioner recognition. SAL1 uses a SOC simulator that closely mirrors real Tier 1 alert-queue work. SAL1 costs less ($349 vs $490) and bundles training; BTL1 has stronger community signal in 2026. Many candidates do SAL1 first then BTL1.