Certified Soc Analyst (CSA)

Incident Management Domain

Book online today or call us at +49 7031 2024742 if you need help selecting the right course or want to discuss corporate discounts.

Appointments

Similar courses

On-site

Prices from

€ 3.250

+UmSt

Duration:

4 days

Level:

Einsteiger

Code:

ECSA

CPEs:

34 What's included: exam included, online exam voucher

Book Now

Overview

In this intensive in-person course, theoretical and practical approaches to identifying, analyzing, and monitoring cyber attacks are learned, enabling quick response and action to security incidents.

General skills for effective work in a Security Operations Center (SOC) are imparted. Fundamentals of Security Information and Event Management (SIEM) as well as provisioning and architecture are also part of the portfolio. Recognizing attacker tools, utilizing Centralized Log Management (CLM), and ever-changing threat information round off the course with a variety of practical exercises.

** At the end of the course, each participant is free to take the exam for the EC-Council Certified SOC Analyst (CSA) directly at their own Schönbrunn TASC test center.

Prerequisites

Good basic knowledge of network technologies and at least 1 year of professional experience in network administration or security should be present to understand and apply the course content securely.
Are you unsure if this course is the right one for you? We are happy to assist you with your questions regarding necessary professional experience and required expertise.

Target audience

IT managers, executives, and employees of IT security management, head of IT security
future IT security officers, system administrators,
as well as employees of IT who will take on these roles
aspiring SOC analysts

Training plan

Module 1 - Security Operations and Management

Introduction and Understanding of SOC Fundamentals
Workflow and from SOC
Components of SOC - People, Processes, and Technology
Practical Information on Working with SOC

Module 2 - Understanding Cyber Threats, IoCs, and Attack Methodology

Definition, Understanding, and Explaining Cyber Attacks and Threats
Explanation and Understanding of Network-Level, Host-Level, and Application-Level Attacks
Understanding Indicators of Compromise (IoCs)
Understanding the Hacking Methods of Attackers

Module 3 - Incidents, Events, and Logging

Understanding the Definition of Incidents, Events, and Logging
Explanation and Differences of Local and Centralized Logging
Exercises for Local and Centralized Logging

Module 4 - Recognizing Incidents with Security Information and Event Management (SIEM)

Contents, Structure, and Features of Security Information and Event Management (SIEM)
Understanding the Use of SIEM
Exercises including:
- Application Level Incident Detection
- Network Level Incident Detection
- Host Level Incident Detection
- Handling Alarm Triage and Analysis

Module 5 - Improved Incident Detection with Threat Intelligence

Understanding the Concepts of Cyber Threat Intelligence
Understanding and Working with Different Types of Threat Intelligence
Developing Strategies and Understanding Necessities
How Can Threat Intelligence Help SOC Analysts
Exercises including:
- Integrating IoCs into ELK
- Integrating OTX Threat Data into OSSIM
- Threat Intelligence Capability of OSSIM

Module 6 - Incident Response

Introduction and Understanding the Fundamental Concept of Incident Response
Response and Recording of Security Incidents
Differentiation of Network, Application, Email, Insider, and Malware Incidents and the Different Responses

Certification

Taking the Exam for EC-Council Certified SOC Analyst (CSA) - Exam 312-39

Duration: 120 minutes

Format: Multiple Choice

Number of Questions: 100

Passing Score: 70%

Language(s): English

Exam Areas:

Module 1 - Security Operations and Management (5%)
Module 2 - Understanding Cyber Threats, IoCs, and Attack Methodologies (11%)
Module 3 - Incidents, Events, and Logging (21%)
Module 4 - Recognizing Incidents with Security Information and Event Management (SIEM) (26%)
Module 5 - Enhanced Incident Detection with Threat Intelligence (8%)
Module 6 - Incident Response (29%)

Your benefits

You learn in small groups (max. 10 participants/course)
in-house modern training room and testing center in a distraction-free, quiet atmosphere (EC Council/Pearson VUE Partner)
Experienced trainers guide you through the course
You receive comprehensive training materials, manuals, and case studies for self-study
Interactive discussions and group work help you in the application
A small breakfast, lunch, snacks, and drinks are provided throughout the day
Hotel recommendations near the training and testing center
Taking the exam at the Schönbrunn TASC testing center is possible afterward