Nexus SecOps Learning Concepts

150 Most Important Concepts for AI-Powered Security Operations

This document lists the core concepts covered in the Nexus SecOps textbook, ordered roughly from foundational to advanced. These concepts form the knowledge graph that structures the learning experience.


Foundational Concepts (1-30)

  1. Confidentiality, Integrity, Availability (CIA Triad)
  2. Defense in Depth
  3. Cyber Kill Chain
  4. MITRE ATT&CK Framework
  5. Security Operations Center (SOC)
  6. SOC Analyst Tiers (1, 2, 3)
  7. Mean Time to Detect (MTTD)
  8. Mean Time to Acknowledge (MTTA)
  9. Mean Time to Respond (MTTR)
  10. Mean Time to Contain (MTTC)
  11. Dwell Time
  12. Alert Fatigue
  13. True Positive (TP)
  14. False Positive (FP)
  15. True Negative (TN)
  16. False Negative (FN)
  17. Security Event
  18. Security Incident
  19. Log Source
  20. Telemetry
  21. Endpoint Detection and Response (EDR)
  22. Network Traffic Analysis (NTA)
  23. Security Information and Event Management (SIEM)
  24. Data Lake
  25. Log Normalization
  26. Log Enrichment
  27. Schema Mapping
  28. Data Retention Policy
  29. Compliance Logging
  30. Syslog

Telemetry & Data Concepts (31-50)

  31. Windows Event Logs
  32. Sysmon
  33. JSON Logging
  34. Common Event Format (CEF)
  35. Elastic Common Schema (ECS)
  36. Splunk Common Information Model (CIM)
  37. Network Flow (NetFlow, IPFIX)
  38. Packet Capture (PCAP)
  39. DNS Logs
  40. Proxy Logs
  41. Firewall Logs
  42. VPN Logs
  43. Cloud Audit Logs (CloudTrail, Azure Activity)
  44. Identity and Access Management (IAM) Logs
  45. Authentication Logs
  46. Process Execution Logs
  47. File Integrity Monitoring (FIM)
  48. Registry Monitoring
  49. Command-Line Auditing
  50. PowerShell Logging

Detection Concepts (51-80)

  51. Indicator of Compromise (IOC)
  52. Tactics, Techniques, and Procedures (TTP)
  53. Signature-Based Detection
  54. Heuristic Detection
  55. Behavioral Analytics
  56. Anomaly Detection
  57. Baseline
  58. Threshold
  59. Correlation Rule
  60. Detection Rule
  61. Use Case
  62. Sigma Rule Format
  63. YARA Rule
  64. Snort/Suricata Rule
  65. Detection Logic
  66. Time Window
  67. Event Aggregation
  68. Detection Coverage
  69. Detection Gap
  70. Atomic Red Team
  71. Purple Teaming
  72. Detection Testing
  73. Tuning
  74. Alert Prioritization
  75. Severity Scoring
  76. MITRE ATT&CK Mapping
  77. ATT&CK Navigator
  78. Detection Engineering
  79. Rule Version Control
  80. False Positive Rate (FPR)

Triage & Investigation Concepts (81-100)

  81. Alert Triage
  82. Escalation Criteria
  83. Runbook
  84. Playbook
  85. Standard Operating Procedure (SOP)
  86. Enrichment
  87. Context
  88. Asset Inventory
  89. User Context
  90. Threat Context
  91. Timeline Analysis
  92. Pivoting
  93. Lateral Movement
  94. Initial Access
  95. Persistence Mechanism
  96. Command and Control (C2)
  97. Exfiltration
  98. Investigation Hypothesis
  99. Indicator Aggregation
  100. Attribution

Threat Intelligence Concepts (101-115)

  101. Threat Intelligence (TI)
  102. Strategic Intelligence
  103. Tactical Intelligence
  104. Operational Intelligence
  105. Technical Intelligence
  106. Indicator
  107. Threat Actor
  108. Campaign
  109. Confidence Score
  110. Indicator Freshness
  111. STIX (Structured Threat Information Expression)
  112. TAXII (Trusted Automated Exchange of Indicator Information)
  113. Threat Feed
  114. False Positive Indicator
  115. Indicator Enrichment

Automation & Response Concepts (116-130)

  116. Security Orchestration, Automation, and Response (SOAR)
  117. Automation
  118. Orchestration
  119. Workflow
  120. Decision Tree
  121. Approval Gate
  122. Containment
  123. Eradication
  124. Recovery
  125. Incident Response Lifecycle
  126. Incident Classification
  127. Incident Severity
  128. Safety Check
  129. Rollback Mechanism
  130. Rate Limiting

AI/ML Concepts (131-150)

  131. Machine Learning (ML)
  132. Supervised Learning
  133. Unsupervised Learning
  134. Semi-Supervised Learning
  135. Classification
  136. Regression
  137. Clustering
  138. Outlier Detection
  139. Feature Engineering
  140. Training Data
  141. Test Data
  142. Validation Data
  143. Overfitting
  144. Underfitting
  145. Precision
  146. Recall (Sensitivity)
  147. F1 Score
  148. ROC Curve
  149. AUC (Area Under Curve)
  150. Confusion Matrix

Advanced AI & LLM Concepts (Bonus: 151-170)

  151. Large Language Model (LLM)
  152. Prompt Engineering
  153. Few-Shot Learning
  154. Zero-Shot Learning
  155. Retrieval-Augmented Generation (RAG)
  156. Grounding
  157. Hallucination
  158. Prompt Injection
  159. Guardrail
  160. Input Validation
  161. Output Filtering
  162. Explainability
  163. Model Drift (Concept Drift)
  164. Model Retraining
  165. A/B Testing
  166. Evaluation Framework
  167. Bias in ML
  168. Adversarial Examples
  169. Privacy-Preserving ML
  170. Differential Privacy

Usage Notes

  • Dependencies: See dependencies.csv for prerequisite relationships
  • Taxonomy: See taxonomy.md for concept classification into 10 categories
  • In-Text Linking: These concepts are linked throughout chapter content
  • Glossary: Detailed definitions available in glossary.md

Total Concepts: 170
Core Concepts (Focus): 150
Document Version: 1.0.0
Last Updated: February 2026