Are you ready to enter the high-demand field of cybersecurity? The EC-Council Certified SOC Analyst (CSA) program is your essential first step towards a thriving career in a Security Operations Center (SOC). This comprehensive training is specifically designed to equip both current and aspiring Tier I and Tier II SOC analysts with the proficiency needed to excel in entry-level and intermediate-level operations.
The CSA is an intensive 3-day training and credentialing program that provides candidates with trending and in-demand technical skills, delivered by some of the most experienced trainers in the industry. The program focuses on creating new career opportunities by providing extensive, meticulous knowledge and enhanced capabilities, enabling you to dynamically contribute to any SOC team.
You will gain a thorough understanding of the fundamentals of SOC operations, followed by in-depth knowledge of log management and correlation, SIEM deployment, advanced incident detection, and robust incident response strategies. Furthermore, you will learn to effectively manage various SOC processes and collaborate seamlessly with the Computer Security Incident Response Team (CSIRT) when critical situations arise.
Learning Outcomes
- Comprehensive SOC Operations Understanding – Gain in-depth knowledge of Security Operations Center (SOC) processes, procedures, technologies, and workflows, alongside a foundational understanding of security threats, attacks, vulnerabilities, attacker behaviors, and the cyber kill chain.
- Proficient Log and Alert Analysis – Develop the ability to monitor and analyze logs and alerts from diverse technologies across multiple platforms (such as IDS/IPS, end-point protection, servers, and workstations), including knowledge of Centralized Log Management (CLM) processes.
- Expertise in SIEM Solutions and Threat Detection – Acquire extensive knowledge and hands-on experience in Security Information and Event Management (SIEM), including administering, implementing, and fine-tuning solutions like Splunk, AlienVault, OSSIM, and ELK, as well as developing threat cases and correlation rules.
- Effective Threat Monitoring and Analysis – Learn to plan, organize, and perform enterprise-level threat monitoring and analysis, including the ability to identify emerging threat patterns and integrate threat intelligence into SIEM for enhanced incident detection.
- Skilled Incident Response and Collaboration – Gain a thorough understanding of the Incident Response Process, including hands-on experience in alert triaging, escalating incidents, and understanding the crucial collaboration between SOC and Incident Response Teams (IRT).
- Practical Reporting and Communication Skills – Develop the ability to use a Service Desk ticketing system and prepare professional briefings and reports detailing analysis methodology and results.
-
Who Should Take This Course ?
This course is ideal for current and aspiring Tier I and Tier II SOC analysts who want to achieve proficiency in performing entry-level and intermediate-level operations. Whether you're new to cybersecurity or looking to enhance your skills in a Security Operations Center, this program will equip you with comprehensive knowledge in SOC operations, log management, SIEM deployment, advanced incident detection, and incident response. It’s also a great fit for those interested in creating new career opportunities by gaining extensive and meticulous knowledge for dynamically contributing to a SOC team.
- Exam Format
- - Exam Title : Certified SOC Analyst
- - Exam Code : 312-39
- - Number of Questions : 100
- - Duration : 3 Hours
- - Test Format : Multiple Choice
- - Passing Score : 70%
The CSA exam is designed to test and validate a candidate’s comprehensive understanding of the jobs tasks required as a SOC analyst. Thereby validating their comprehensive understanding of a complete SOC workflow.
The CSA program requires a candidate to have 1 year of work experience in the Network Admin/ Security domain and should be able to provide proof of the same as validated through the application process unless the candidate attends official training.
-
Module 01: Security Operations and Management
- Security Management.
- Security Operations Center (SOC).
- Need of SOC.
- SOC Capabilities.
- SOC Operations.
- SOC Workflow.
- Components of SOC: People, Process and Technology.
- People.
- Technology.
- Processes.
- Types of SOC Models.
- SOC Maturity Models.
- SOC Generations.
- SOC Implementation.
- SOC Key Performance Indicators (KPI) and Metrics.
- Challenges in Implementation of SOC.
- Best Practices for Running SOC.
- SOC vs NOC.
-
Module 02: Understanding Cyber Threats, IoCs, and Attack Methodology
- Cyber Threats.
- Intent-Motive-Goal.
- Tactics-Techniques-Procedures (TTPs).
- Opportunity-Vulnerability-Weakness.
- Network Level Attacks.
- Host Level Attacks.
- Application Level Attacks.
- Email Security Threats.
- Understanding Indicators of Compromise (IoCs).
- Understanding Attacker’s Hacking Methodology.
- Exercise 1: Application Level Threats: Understanding the Working of SQL Injection Attacks.
- Exercise 2: Application Level Threats: Understanding the Working of XSS Attacks
- Exercise 3: Network Level Threats: Understanding the Working of Network Scanning Attacks
- Exercise 4: Host Level Threats: Understanding the Working of Brute Force Attacks
-
Module 03: Incidents, Events, and Logging
- Incident.
- Event.
- Log.
- Typical Log Sources.
- Need of LogTypical Log Sources.
- Logging Requirements.
- Typical Log Format.
- Logging Approaches.
- Local Logging.
- Centralized Logging.
- Exercise 1: Local Logging: Configuring, Monitoring, and Analyzing Windows Logs.
- Exercise 2: Local Logging: Configuring, Monitoring, and Analyzing IIS Logs.
- Exercise 3: Local Logging: Configuring, Monitoring, and Analyzing Snort IDS Logs.
- Exercise 4: Centralized Logging - Collecting Logs from DifferentDevices into Centralized Location
-
Module 04: Incident Detection with Security Information and Event Management (SIEM)
- Security Information and Event Management (SIEM).
- Security Analytics.
- Need of SIEM.
- Typical SIEM Capabilities.
- SIEM Architecture and Its Components.
- SIEM Solutions.
- SIEM Deployment.
- Incident Detection with SIEM.
- Examples of commonly Used Use Cases Across all SIEM deployments.
- Handling Alert Triaging and Analysis
- Exercise 1: Creating Splunk Use Case and Generating Alerts for Brute-force Attempts.
- Exercise 2: Creating Splunk Use Case and Generating Alerts for SQL Injection Attempts.
- Exercise 3: Creating Splunk Use Case and Generating Alerts for XSS Attempts.
- Exercise 4: Creating Splunk Use Case and Generating Alerts for Network Scanning Attempts.
- Exercise 5: Creating Splunk Use Case for Registry Monitoring.
- Exercise 6: Creating Splunk Use Case for Monitoring Insecure Ports and Services.
-
Module 05: Enhanced Incident Detection with Threat Intelligence
- Understanding Cyber Threat Intelligence.
- Why Threat Intelligence-driven SOC?
- Exercise 1: Integrating IoCs into ELK Stack.
- Exercise 2: Integrating OTX Threat Data in OSSIM.
- Exercise 3: Integrating Threat Intelligence Capability of OSSIM.
-
Module 06: Incident Response
- Incident Response.
- Incident Response Team (IRT).
- Where Does IRT Fits in the Organization?
- SOC and IRT Collaboration.
- Incident Response (IR) Process Overview.
- Step 1: Preparation for Incident Response.
- Step 1: Incident Recording and Assignment.
- Step 3: Incident Triage.
- Step 4: Notification.
- Step 5: Containment.
- Step 6: Evidence Gathering and Forensic Analysis.
- Step 7: Eradication.
- Step 8: Recovery.
- Step 9: Post-Incident Activities.
- Responding to Network Security Incidents.
- Responding to Application Security Incidents.
- Responding to Email Security Incidents.
- Responding to an Insider Incidents.
- Responding to Malware incidents.
- Exercise 1: Generating Tickets for Incidents.
- Exercise 2: Containing Data Loss Incidents.
- Exercise 3: Eradicating SQL injection and XSS Incidents.
- Exercise 4: Recovering from Data Loss Incidents.
- Exercise 5: Reporting an Incident.
EC Council Accredited Training Center (ATC)
Upon successfully passing the examination for this course, participants will be awarded a certificate, an example of which is shown below.
EC-Council Certified SOC Analyst (CSA) Certification
-
Physical Class 3 Days
-
Online Class 3 Days
-
Language English, Malay