Certified SOC Analyst

The Certified SOC Analyst (CSA) program is the first step to joining a SOC. Designed for Tier I/II analysts, it delivers in-demand cybersecurity skills via experienced trainers. This 3-day program covers SOC fundamentals, log management, SIEM, advanced incident detection, and incident response. Candidates learn to manage SOC processes and collaborate with CSIRT.

This Course Is Ideal For

  • SOC Analysts (Tier I and Tier II)

  • Network and Security Administrators, Network and Security Engineers, Network Defense Analyst, Network Defense Technicians, Network Security Specialist, Network Security Operator, and any security professional handling network security operations

  • Cybersecurity Analyst

  • Entry-level cybersecurity professionals

  • Anyone who wants to become a SOC Analyst

What to Expect In This Course

SKILL LEVEL: Intermediate
DURATION: 24 hours
CERTIFICATION: After Completion
LANGUAGE: English

Skills You Will Learn

  • Gain a basic understanding and in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviors, the cyber kill chain, etc.

  • Recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.

  • Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers, and workstations).

  • Gain knowledge of the centralized log management (CLM) process.

  • Perform security event and log collection, monitoring, and analysis.

  • Gain experience and extensive knowledge of security information and event management (SIEM).

  • Gain knowledge of administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK).

  • Gain hands-on experience in the SIEM use case development process.

Programme Module

Module 01

Module 02

Module 03

Module 04

Module 05

Module 06

Outcomes of the Course

By the end of this course, participants will be able to:

  • Understand SOC operations, models, and workflow.

  • Analyze cyber threats and attack methodologies (including IoCs and TTPs).

  • Grasp incident, event, and logging concepts.

  • Perform log management and correlation.

  • Execute SIEM deployment, administration, and tuning.

  • Conduct incident detection (both signature and anomaly-based).

  • Integrate threat intelligence for enhanced detection.

  • Master alert triaging and analysis.

  • Apply incident response process and procedures.

  • Generate security reports and effectively communicate.

  • Engage in proactive threat monitoring and pattern analysis.

Content Provider

EC-Council Group is a dedicated information security organization. EC-Council aims at creating knowledge, facilitating innovation, executing research, implementing development, and nurturing subject matter experts in order to provide their unique skills and niche expertise in cybersecurity.