Cover6: First Watch

In 2020, I gave a Security Onion demo at BSides NoVA. About 50 people in that room. My main server went down. Then my backup went down. The room laughed it off — they trusted me. But it bothered me. I vowed to get it working properly.

This is that. Free. Live. Yours for 7 days.

— Tyrone E. Wilson, CEO, Cover6 Solutions

It’s Friday at 4:47 PM. You get a call.

The registrar can’t access the student records database. IT is getting reports from three other departments. Someone in research says their desktop is showing a ransom note.

That’s Odapeeka State University. And you’re the SOC analyst.

Cover6: First Watch is a 7-day live SOC simulation. The moment you enroll, you have access to the same two platforms used in the full Cover6 SOC Analyst Prep Labs course: a live Splunk environment and Security Onion — both pre-configured, both pointed at real data.

Splunk is your SIEM. It holds the endpoint logs, authentication events, and application data. Security Onion is your network monitoring platform. It shows you what moved across the wire.

You’ll investigate using BOTS v2 — Boss of the SOC, the industry-standard dataset used by security teams and hiring managers worldwide to assess analyst skills. The data is real. The attack chain is real. The clues are in the logs.

The dashboard you build to track failed logins is the same dashboard that surfaces the attacker’s lateral movement. The SPL filter you write on Day 3 is how you find patient zero on Day 5. On Day 7 you’ll see the full attack chain — every stage of the breach, from initial phishing to ransomware detonation.

Lab access activates immediately on enrollment and expires 7 days later. No extensions — but you can re-enroll. First enrollment is free. Re-enrollment: $6.

The clock starts when you enroll. Alex’s waiting.