Cover6: First Watch

It’s Friday at 4:47 PM. You get a call.

The registrar can’t access the student records database. IT is getting reports from three other departments. Someone in research says their desktop is showing a ransom note.

That’s Odapeeka State University. And you’re the SOC analyst.

Cover6: First Watch is a 7-day live SOC simulation. The moment you enroll, you have access to the same two platforms used in the full Cover6 SOC Analyst Prep Labs course: a live Splunk environment and Security Onion — both pre-configured, both pointed at real data.

Splunk is your SIEM. It holds the endpoint logs, authentication events, and application data. Security Onion is your network monitoring platform. It shows you what moved across the wire.

You’ll investigate using BOTS v2 — Boss of the SOC, the industry-standard dataset used by security teams and hiring managers worldwide to assess analyst skills. The data is real. The attack chain is real. The clues are in the logs.

The dashboard you build to track failed logins is the same dashboard that surfaces the attacker’s lateral movement. The SPL filter you write on Day 3 is how you find patient zero on Day 5. On Day 7 you’ll see the full attack chain — and your AI-reviewed IR report scored against it.

Lab access activates immediately on enrollment and expires 7 days later. No extensions — but you can re-enroll. First enrollment is free. Re-enrollment: $6.

The clock starts when you enroll. Alex’s waiting.