Cover6: First Watch

In 2020, I gave a Security Onion demo at BSides NoVA. About 50 people in that room. My main server went down. Then my backup went down. The room laughed it off — they trusted me. But it bothered me. I vowed to get it working properly.

This is that. Free. Live. Yours for 7 days.

— Tyrone E. Wilson, CEO, Cover6 Solutions

It’s Friday at 4:47 PM. You get a call.

The registrar can’t access the student records database. IT is getting reports from three other departments. Someone in research says their desktop is showing a ransom note.

That’s Odapeeka State University. And you’re the SOC analyst.

Cover6: First Watch is a 7-day live SOC simulation. The moment you enroll, you have access to the same two platforms used in the full Cover6 SOC Analyst Prep Labs course: a live Splunk environment and Security Onion — both pre-configured, both pointed at real data.

Splunk is your SIEM. It holds the endpoint logs, authentication events, and application data. Security Onion is your network monitoring platform. It shows you what moved across the wire.

The dashboard you build to track failed logins is the same dashboard that surfaces the attacker’s lateral movement. The SPL filter you write on Day 3 is how you find patient zero on Day 5. On Day 7 you’ll see the full attack chain — every stage of the breach, from initial phishing to ransomware detonation.

Lab access activates immediately on enrollment and expires 7 days later. First enrollment is free. Need more time after your 7 days? Extend your access below.

The clock starts when you enroll.

🟥 Extend Your Lab Access

Running short on time? Grab more lab access below. Extensions stack from your current expiry date — no time wasted.

📥 Course Resources — Download Before You Start

📄 Student Handout (PDF)
📁 PCAP Files (Google Drive)
📂 All First Watch Files

🖥️ Lab Access

📊 Splunk SIEM
🧅 Security Onion
🎓 Odapeeka State