Certified SOC Analyst | CSA
The CSA program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
Virtual Training or e-Learning?
We offer flexibility. You can choose from our selection of in-class courses as well as online courses.
Try a live virtual courseTarget Audience
A SOC Analyst continuously monitors and detects potential threats, triages the alerts, and appropriatley escalates them. Without a SOC analyst, processes such as monitoring, detection, analysis, and triaging will lose their effectiveness, ultimately negatively affecting the organization.
- SOC Analysts
- Cybersecurity Analyst
- Network Defense Analyst
- Network Defense Technicians
- Network and Security Engineers
- Network and Security Administrators
- Anyone who wants to become a SOC Analyst
Course Objectives
- Gain knowledge of Incident Response Process
- To acquire trending and in-demand technical skills
- Plan, organize, and perform threat monitoring and analysis in the enterprise
- To learn to manage various SOC processes and collaborate with CSIRT at the time of need
What is CSA
The lab-intensive CSA program emphasizes the holistic approach to deliver elementary as well as advanced knowledge of how to identify and validate intrusion attempts. Through this, the candidate will learn to use SIEM solutions and predictive capabilities using threat intelligence.
CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry.
Certification
Certificate | Certified SOC Analyst
Prerequisites
The CSA program requires a candidate to have 1 year of work experience in the Network Admin/ Security domain and should be able to provide proof of the same as validated through the application process unless the candidate attends official training.
Agenda
Day 1Hide agendaOpen agenda
08:00 – 10:30
Incidents, Events, and Logging
- Incident
- Event
- Log
- Typical log sources
- Need of log
- Logging requirements
- Typical Log format
10:30 – 10:45
Coffee break
10:45 – 12:15
- Local logging
- Logging approaches
- Centralized logging
12:15 – 13:15
Lunch menu | Oběd
13:15 – 14:45
Incident Detection with Security Information and Event Management (SIEM)
- SIEM
- Security anlaytics
- Need of SIEM
- Typical SIEM Capabilities
- SIEM Architecture and ITS Components
- SIEM Solutions
14:45 – 15:00
Coffee break
15:00 – 17:00
- SIEM Deployment
- Incident Detection with SIEM
- Examples of commonly Used Use Case Across all SIEM deployments
- Handling Alert Triaging and Analysis
Day 2Hide agendaOpen agenda
09:00 – 10:30
Security Operations and Management
- SOC
- Security Operations
- Security Management
- Need of SOC
10:30 – 10:45
Coffee break
10:45 – 12:15
- SOC Workflow
- SOC Capabilities
- SOC Operations
12:15 – 13:15
Lunch Menu | Oběd
13:15 – 14:45
Understanding Cyber Threats, IoCs, and Attack Methodology
- Cyber Threats
- Intent - motive - goal
- Tactics - techniques - procedures
- Oppoturnity - vulnerability - weakness
14:45 – 15:00
Coffee break
15:00 – 17:00
- Network level attacks
- Host level attacks
- Application level attacks
- Email security threats
- Understanding IoCs
- Understanding attackers hacking methodology
Day 3Hide agendaOpen agenda
09:00 – 10:30
Enhanced Incident Detection with Threat Intelligence
- Understanding CTI
- Why treat intelligence - driven SOC
10:30 – 10:45
Coffee break
10:45 – 12:15
Incident Response
- Incident Response Team (IRT)
- Where Does IRTFits in the Organization
- SOC and IRT Collaboration
- IR process overview
12:15 – 13:15
Lunch Menu | Oběd
13:15 – 14:45
- Preparation for Incident Response
- Incident Recording and Assigment
- Incident triage
- Notification
- Contaiment
14:45 – 15:00
Coffee break
15:00 – 17:00
- Evidence gathering and Forensic Analysis
- Eradication
- Recovery
- Post Incident Activities
- Responding to Network Security Incidents
CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry.
- Block duration 90 minutes
- Hours 24 hours
- Refreshments
- Exam
Prerequisites
1 year of work experience in the Network Admin/ Security domain
Certificate
After the completion of the CSA training, candidates will be ready to attempt the Certified SOC Analyst exam.
Upon successful completion of the exam, with a score of at least 70%, the candidate will be entitled to the CSA certificate and membership privileges. Members are expected to adhere to recertification requirements through EC-Council’s Continuing Education Requirements.
Exam Format
The CSA exam is designed to test and validate a candidate’s comprehensive understanding of the jobs tasks required as a SOC analyst. Thereby validating their comprehensive understanding of a complete SOC workflow.
- Duration: 3 hours
- Passing score 70>#/li###
- Numbers of Questions 100
- Test format: Multiple Choice
- Availibity - EC-Council Exam Portal
Graduate ratings
What makes our references exceptional? They are not one-off events. Clients come back to us regularly.
View the full list of reference clients.
Not sure if this is the right courese for you? Get in touch!
For assistance please give us a call.
We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.
Cannot call? Send us a message.
Would you like a gift for your birtday?
