Certified SOC Analyst
The Certified SOC Analyst (CSA) program is the first step to joining a SOC. Designed for Tier I/II analysts, it delivers in-demand cybersecurity skills via experienced trainers. This 3-day program covers SOC fundamentals, log management, SIEM, advanced incident detection, and incident response. Candidates learn to manage SOC processes and collaborate with CSIRT.



This Course Is Ideal For
SOC Analysts (Tier I and Tier II)
Network and Security Administrators, Network and Security Engineers, Network Defense Analyst, Network Defense Technicians, Network Security Specialist, Network Security Operator, and any security professional handling network security operations
Cybersecurity Analyst
Entry-level cybersecurity professionals
Anyone who wants to become a SOC Analyst
What to Expect In This Course
SKILL LEVEL
Intermediate
DURATION
24 hours
CERTIFICATION
After Completion
LANGUAGE
English
Skill You Will Learn
Gain a basic understanding and in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviors, the cyber kill chain, etc.
Able to recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.
Able to monitor and analyze logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers, and workstations).
Gain knowledge of the centralized log management (CLM) process.
Able to perform security event and log collection, monitoring, and analysis.
Gain experience and extensive knowledge of security information and event management (SIEM).
Gain knowledge of administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
Gain hands-on experience in the SIEM use case development process.
Programme Module
Module 01
Module 02
Module 03
Module 04
Module 05
Module 06
Outcomes of the Course
By the end of this course, participants will be able to:
Understand SOC operations, models, and workflow.
Analyze cyber threats and attack methodologies (including IoCs and TTPs).
Grasp incident, event, and logging concepts.
Perform log management and correlation.
Execute SIEM deployment, administration, and tuning.
Conduct incident detection (both signature and anomaly-based).
Integrate threat intelligence for enhanced detection.
Master alert triaging and analysis.
Apply incident response process and procedures.
Generate security reports and effectively communicate.
Engage in proactive threat monitoring and pattern analysis.
Content Provider
EC-Council Group is a dedicated information security organization. EC-Council aims at creating knowledge, facilitating innovation, executing research, implementing development, and nurturing subject matter experts in order to provide their unique skills and niche expertise in cybersecurity.