Login

OTP sent to

Certified SOC Analyst - CSA

Home > Courses > Certified SOC Analyst - CSA

Certified SOC Analyst - CSA

EC Council Courses

Duration
45 Hours

Course Description

         The Certified SOC Analyst (CSA) certification program focuses on equipping individuals with the essential skills needed to work in a Security Operations Center (SOC). It covers the fundamentals of SOC operations, including log management, SIEM deployment, advanced incident detection, and incident response. The program also emphasizes threat intelligence, attack vectors, and the use of various tools and techniques for effective threat detection and response. 

Course Outline For Certified SOC Analyst - CSA

  • Module 01: Security Operations and Management: Focuses on the fundamentals of SOC operations, including the roles of people, processes, and technology, as well as the implementation of a SOC.
  • Module 02: Understanding Cyber Threats, IoCs, and Attack Methodology: Covers various cyberattacks, their Indicators of Compromise (IoCs), and the tactics, techniques, and procedures (TTPs) used by attackers.
  • Module 03: Incidents, Events, and Logging: Explores the concepts of incidents, events, and logging, including local and centralized logging, and logging best practices.
  • Module 04: Incident Detection with Security Information and Event Management (SIEM): Introduces SIEM fundamentals, various SIEM solutions, SIEM deployment, and use cases for incident detection at different levels (application, insider, network, host, and compliance).
  • Module 05: Enhanced Incident Detection with Threat Intelligence: Covers threat intelligence concepts, types, sources, and platforms, and how to integrate threat intelligence into SIEM for improved threat detection.
  • Module 06: Incident Response: Focuses on the fundamentals of incident response, including the phases of the incident response process, and how to respond to various types of security incidents (network, application, email, insider, and malware).
  • Module 07: Forensic Investigation and Malware Analysis: This module is included in some versions of the CSA curriculum and covers forensic investigation techniques and malware analysis.
  • Module 08: SOC for Cloud Environments: This module covers SOC processes in cloud environments (AWS, Azure, GCP), including monitoring, incident detection, automated response, and cloud-native tools. 

The CSA program emphasizes practical, hands-on learning with lab exercises that simulate real-world scenarios.

These labs focus on activities like:

  • Understanding attack methodologies and IoCs.
  • Implementing local and centralized logging.
  • Developing SIEM use cases for incident detection.
  • Triaging alerts, prioritizing incidents, and generating tickets.
  • Containing, eradicating, and recovering from incidents.
  • Creating incident reports.
  • Integrating IoCs into SIEM tools like ELK stack.
  • Implementing Splunk use cases for various attack detections.
  • Performing forensic investigation of application security incidents.
  • Implementing Microsoft Sentinel in Azure for cloud security. 
Enquire Now