Certified SOC Analyst

The CSA program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.

Virtual Training or e-Learning?

We offer flexibility. You can choose from our selection of in-class courses as well as online courses.

Try a live virtual course

Target Audience

SOC Analyst continuously monitors and detects potential threats, triages the alerts, and appropriatley escalates them. Without a SOC analyst, processes such as monitoring, detection, analysis, and triaging will lose their effectiveness, ultimately negatively affecting the organization. 

  • SOC Analysts
  • Cybersecurity Analyst
  • Network Defense Analyst
  • Network Defense Technicians
  • Network and Security Engineers
  • Network and Security Administrators
  • Anyone who wants to become a SOC Analyst
Target Audience

Course Objectives

  • Gain knowledge of Incident Response Process
  • To acquire trending and in-demand technical skills
  • Plan, organize, and perform threat monitoring and analysis in the enterprise
  • To learn to manage various SOC processes and collaborate with CSIRT at the time of need

What is CSA

The lab-intensive CSA program emphasizes the holistic approach to deliver elementary as well as advanced knowledge of how to identify and validate intrusion attempts. Through this, the candidate will learn to use SIEM solutions and predictive capabilities using threat intelligence. 

CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry.

What is CSA

Certification

Certificate | Certified SOC Analyst

Prerequisites

The CSA program requires a candidate to have 1 year of work experience in the Network Admin/ Security domain and should be able to provide proof of the same as validated through the application process unless the candidate attends official training.

Prerequisites

Agenda

Day 1
Hide agenda
Open agenda

08:00 – 10:30

Incidents, Events, and Logging

  • Incident
  • Event
  • Log
  • Typical log sources
  • Need of log
  • Logging requirements
  • Typical Log format

10:30 – 10:45

Coffee break

10:45 – 12:15

  • Local logging
  • Logging approaches
  • Centralized logging

12:15 – 13:15

Lunch menu | Oběd

13:15 – 14:45

Incident Detection with Security Information and Event Management (SIEM)

  • SIEM
  • Security anlaytics
  • Need of SIEM
  • Typical SIEM Capabilities
  • SIEM Architecture and ITS Components
  • SIEM Solutions

14:45 – 15:00

Coffee break

15:00 – 17:00

  • SIEM Deployment
  • Incident Detection with SIEM
  • Examples of commonly Used Use Case Across all SIEM deployments
  • Handling Alert Triaging and Analysis

Day 2
Hide agenda
Open agenda

09:00 – 10:30

Security Operations and Management

  • SOC
  • Security Operations
  • Security Management
  • Need of SOC

10:30 – 10:45

Coffee break

10:45 – 12:15

  • SOC Workflow
  • SOC Capabilities
  • SOC Operations

12:15 – 13:15

Lunch Menu | Oběd

13:15 – 14:45

Understanding Cyber Threats, IoCs, and Attack Methodology

  • Cyber Threats
  • Intent - motive - goal
  • Tactics - techniques - procedures
  • Oppoturnity - vulnerability - weakness

14:45 – 15:00

Coffee break

15:00 – 17:00

  • Network level attacks
  • Host level attacks
  • Application level attacks
  • Email security threats
  • Understanding IoCs
  • Understanding attackers hacking methodology

Day 3
Hide agenda
Open agenda

09:00 – 10:30

Enhanced Incident Detection with Threat Intelligence

  • Understanding CTI
  • Why treat intelligence  - driven SOC

10:30 – 10:45

Coffee break

10:45 – 12:15

Incident Response

  • Incident Response Team (IRT)
  • Where Does IRTFits in the Organization
  • SOC and IRT Collaboration
  • IR process overview

12:15 – 13:15

Lunch Menu | Oběd

13:15 – 14:45

  • Preparation for Incident Response
  • Incident Recording  and Assigment
  • Incident triage
  • Notification
  • Contaiment

14:45 – 15:00

Coffee break

15:00 – 17:00

  • Evidence gathering and Forensic Analysis
  • Eradication
  • Recovery
  • Post Incident Activities
  • Responding to Network Security Incidents

CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry.

  • Block duration 90 minutes
  • Hours 24 hours
  • Refreshments
  • Exam
  • Prerequisites

    1 year of work experience in the Network Admin/ Security domain

Certificate

After the completion of the CSA training, candidates will be ready to attempt the Certified SOC Analyst exam. 

Upon successful completion of the exam, with a score of at least 70%, the candidate will be entitled to the CSA certificate and membership privileges. Members are expected to adhere to recertification requirements through EC-Council’s Continuing Education Requirements.

Certificate

Exam Format

The CSA exam is designed to test and validate a candidate’s comprehensive understanding of the jobs tasks required as a SOC analyst. Thereby validating their comprehensive understanding of a complete SOC workflow.
  • Duration: 3 hours
  • Passing score 70>#/li###
  • Numbers of Questions 100
  • Test format: Multiple Choice
  • Availibity - EC-Council Exam Portal
Exam Format

Graduate ratings

What makes our references exceptional? They are not one-off events. Clients come back to us regularly.

View the full list of reference clients.

Your rating
*****

Not sure if this is the right courese for you? Get in touch!

For assistance please give us a call.

We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.

*items marked with an asterisk are mandatory

Would you like a gift for your birtday?