Certified Soc Analyst (CSA)

Module 1 - Security Operations and Management

• Introduction and Understanding of SOC Fundamentals

• Workflow and from SOC

• Components of SOC - People, Processes, and Technology

• Practical Information on Working with SOC

Module 2 - Understanding Cyber Threats, IoCs, and Attack Methodology

• Definition, Understanding, and Explaining Cyber Attacks and Threats

• Explanation and Understanding of Network-Level, Host-Level, and Application-Level Attacks

• Understanding Indicators of Compromise (IoCs)

• Understanding the Hacking Methods of Attackers

Module 3 - Incidents, Events, and Logging

• Understanding the Definition of Incidents, Events, and Logging

• Explanation and Differences of Local and Centralized Logging

• Exercises for Local and Centralized Logging

Module 4 - Recognizing Incidents with Security Information and Event Management (SIEM)

• Contents, Structure, and Features of Security Information and Event Management (SIEM)

• Understanding the Use of SIEM

• Exercises including:

  • Application Level Incident Detection

  • Network Level Incident Detection

  • Host Level Incident Detection

  • Handling Alarm Triage and Analysis

Module 5 - Improved Incident Detection with Threat Intelligence

• Understanding the Concepts of Cyber Threat Intelligence

• Understanding and Working with Different Types of Threat Intelligence

• Developing Strategies and Understanding Necessities

• How Can Threat Intelligence Help SOC Analysts

• Exercises including:

  • Integrating IoCs into ELK

  • Integrating OTX Threat Data into OSSIM

  • Threat Intelligence Capability of OSSIM

Module 6 - Incident Response

• Introduction and Understanding the Fundamental Concept of Incident Response

• Response and Recording of Security Incidents

• Differentiation of Network, Application, Email, Insider, and Malware Incidents and the Different Responses