Course Details
Your Growth, Our Mission
.jpg)
Course Description
The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry. The program focuses on creating new career opportunities through extensive, meticulous knowledge with enhanced level capabilities for dynamically contributing to a SOC team. Being an intense 3-day program, it thoroughly covers the fundamentals of SOC operations, before relaying the knowledge of log management and correlation, SIEM deployment, advanced incident detection, and incident response. Additionally, the candidate will learn to manage various SOC processes and collaborate with CSIRT at the time of need.
This is the recommended training for those students looking to achieve the EC-Council Certified SOC Analyst Certification
The Training Course Will Highlight ?
Training Objective
After completing this course you should be able to:
- Articulate SOC processes, procedures, technologies, and workflows.
- Understand and security threats, attacks, vulnerabilities, attacker’s behaviors, cyber kill chain, etc.
- Recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.
- Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers and workstations).
- Apply Centralized Log Management (CLM) processes.
- Perform Security events and log collection, monitoring, and analysis.
- Understand Security Information and Event Management.
- Administer SIEM solutions (Splunk /Alien Vault/OSSIM/ELK).
- Understand the architecture, implementation and fine tuning of SIEM solutions (Splunk/ Alien Vault/OSSIM/ELK).
- Gain hands-on experience on SIEM use case development process.
- Develop threat cases (correlation rules), create reports, etc.
- Recognize use cases that are widely used across the SIEM deployment.
- Plan, organize, and perform threat monitoring and analysis in the enterprise.
- Monitor emerging threat patterns and perform security threat analysis.
- Gain hands-on experience in alert triaging process.
- Escalate incidents to appropriate teams for additional assistance.
- Use a Service Desk ticketing system.
- Prepare briefings and reports of analysis methodology and results.
- Integrate threat intelligence into SIEM for enhanced incident detection and response.
- Make use of varied, disparate, constantly changing threat information.
- Articulate knowledge of Incident Response Process.
Understand SOC and IRT collaboration for better incident response
Target Audience
SOC Analysts (Tier I and Tier II), Cybersecurity Analysts, Entry-level cybersecurity professionals. Network and Security Administrators
Training Methods
Daily Agenda
SOC Essential Concepts
Computer Network Fundamentals
TCP/IP Protocol Suite
Application Layer Protocols
Transport Layer Protocols
Internet Layer Protocols
Link Layer Protocols
IP Addressing and Port Numbers
Network Security Controls
Network Security Devices
Windows Security
Unix/Linux Security
Web Application Fundamentals
Information Security Standards, Laws and Acts
Security Operations and Management
Security Management
Security Operations
Security Operations Center (SOC)
Need of SOC
SOC Capabilities
SOC Operations
SOC Workflow
Components of SOC: People, Process and Technology
People
Technology
Processes
Types of SOC Models
SOC Maturity Models
SOC Generations
SOC Implementation
SOC Key Performance Indicators
Challenges in Implementation of SOC
Best Practices for Running SOC
SOC vs NOC
Understanding Cyber Threats, IoCs and Attack Methodology
Cyber Threats
Intent-Motive-Goal
Tactics-Techniques-Procedures (TTPs)
Opportunity-Vulnerability-Weakness
Network Level Attacks
Host Level Attacks
Application Level Attacks
Email Security Threats
Understanding Indicators of Compromise
Understanding Attacker's Hacking Methodology
Incidents, Events and Logging
Incident
Event
Log
Typical Log Sources
Need of Log
Logging Requirements
Typical Log Format
Logging Approaches
Local Logging
Centralized Logging
Incident Detection with Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
Security Analytics
Need of SIEM
Typical SIEM Capabilities
SIEM Architecture and Its Components
SIEM Solutions
SIEM Deployment
Incident Detection with SIEM
Examples of Commonly Used Use Cases Across all SIEM deployments
Handling Alert Triaging and Analysis
Enhanced Incident Detection with Threat Intelligence
Understanding Cyber Threat Intelligence
Why-Threat Intelligence-driven SOC?
Incident Response
Incident Response
Incident Response Team (IRT)
Where does IRT Fit in the Organization
SOC and IRT Collaboration
Incident Response (IR) Process Overview
Step 1: Preparation for Incident Response
Step 2: Incident Recording and Assignment
Step 3: Incident Triage
Step 4: Notification
Step 5: Containment
Step 6: Evidence Gathering and Forensic Analysis
Step 7: Eradication
Step 8: Recovery
Step 9: Post-Incident Activities
Responding to Network Security Incidents
Responding to Application Security Incidents
Responding to Email Security Incidents
Responding to Insider Incidents
Responding to Malware Incidents
Accreditation
Quick Enquiry
Request Info
Course Rounds
3 Days| Code | Date | Venue | Fees | Action |
|---|
Prices don't include VAT
Related Courses
Your Growth, Our Mission
Contact Us
Contact us to meet all your inquiries and needs, as our professional team is pleased to provide immediate support and advice to ensure you achieve your goals and facilitate your experience with us in the best possible way.
UAE
Office
Mobile
E-mail
Working
Hours