Learning path

Building an AI Security Analyst from Scratch

Skill Level
Intermediate
Duration 3 hours 20 minutes
Updated May 6, 2026

About this learning path

Transform an empty AI platform into a working SOC analyst across four hands-on labs. Build Red Team skills for reconnaissance and credential attacks, Blue Team skills for endpoint and network investigation, and Correlation skills that tie six data sources into a unified threat timeline. Implement Human-in-the-Loop governance and learn why how you prompt matters more than which model you use.

Your instructors

Prerequisites

  1. Basic SOC experience — understanding of alert triage workflows, SIEM concepts, and familiarity with the MITRE ATT&CK framework
  2. Linux command line comfort — navigating directories, running scripts, editing files in VS Code or similar editor
  3. Windows and Active Directory fundamentals — event logs (logon, process creation), domains, users, groups, and privilege concepts
  4. Networking basics — understanding of common protocols (SMB, DNS, HTTP, RDP, Kerberos) and what network traffic reveals
  5. No prior AI, LLM, or OpenClaw experience required — the learning path teaches this from scratch

What you'll learn

  1. Build a dual-persona AI security assistant (Red Team + Blue Team) with human-in-the-loop governance controls that prevent unintended execution
  2. Create AI skills that wire into 6 live data sources — Wazuh XDR, Security Onion, Windows Events, Sysmon, Active Directory, and Suricata
  3. Investigate real security alerts using AI-powered multi-source correlation — querying all data sources simultaneously instead of one at a time
  4. Diagnose and fix broken AI configurations — the practical debugging skills needed for real-world AI tool deployment
  5. Apply prompt engineering to transform raw security data into actionable intelligence — detecting automation signatures, timing anomalies, and behavioral patterns that no static SIEM rule can catch
  6. Produce structured, executive-ready security assessments from self-directed investigations — the same output expected of a senior SOC analyst

  1. Platform, Governance & Red Team Skills
    1. Explore OpenClaw, Governance & Red Team Arsenal (Lab)
  2. Blue Team Investigation Skills
    1. Blue Team Investigation Skills (Lab)
  3. Correlation & Troubleshooting
    1. Correlation Skills & The Debugging Challenge (Lab)
  4. Investigation & Prompt Engineering
    1. Investigation & Prompt Engineering Masterclass (Lab)
  5. Your AI Security Analyst Is Ready — Are Your Prompts?
    1. Building an AI Security Analyst — Knowledge Check (Quiz)
    2. Learning Path Complete (Achievement Badge)