24observe SOC Labs

Students · Getting started

Getting started

Your first login takes about two minutes. Sign in, secure your account, and find your assigned lab — then you're ready to work your first incident.

Before you begin

Your instructor enrolls you and sends you an email plus a one-time temporary password. That's your access — there's no public sign-up to complete and nothing to install. If you have those two things, you're ready.

!

No login? Your instructor hasn't enrolled you yet. Accounts exist only because an instructor created them — there is no public sign-up. If you don't have an email and a temporary password, reach out to your instructor rather than trying to register.

Step 1 — Sign in

  1. Open learn.24observe.com.
  2. Enter your email and the temporary password from your instructor.
  3. Click sign in. You'll land on your dashboard.

Step 2 — Change your password (recommended)

Your temporary password was handed out once and is meant to be replaced. Open Settings and set a password only you know. It's good security hygiene — and exactly the kind of habit a SOC analyst lives by.

Step 3 — Get your bearings

Everything you need is reachable from the left sidebar. Two places matter for labs:

  • Training → Labs — your home base. Here you'll find your assigned lab card with a Start lab button. This is where you launch a lab and, later, submit your verdict.
  • Monitoring → Incidents — where your incident appears after you start a lab. This is the live feed an analyst watches; your case will show up here once a detection rule fires.
i

You'll only see your own sandbox. The labs, incidents, and data in your account are private to you — there's no other student's work to wade through.

What to do first

Don't click Start lab just yet — get oriented first so you know what to expect when telemetry starts flowing:

  1. Open Training → Labs and read your assigned lab card: its title, what it's about, and what you'll be graded on.
  2. Open Monitoring → Incidents so you know where your incident will land. It'll be empty for now — that's expected.
  3. When you're ready, come back to Labs and click Start lab. Then give it about a minute for the incident to open.

The roughly one-minute wait after you click Start is normal. A detection rule evaluates incoming activity on a short cycle, so the incident appears shortly after — not the instant you click.

That's your tour. Next, learn how a lab is built stage by stage in Anatomy of a lab — or dive straight in with the full brute-force walkthrough.