EC-Council Certified SOC Analyst (CSA)
Duration: 3 Days Course Code: EC-CSA Version: 1.0
Overview:
The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring
Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by
some of the most experienced trainers in the industry. The program focuses on creating new career opportunities through extensive,
meticulous knowledge with enhanced level capabilities for dynamically contributing to a SOC team. Being an intense 3-day program, it
thoroughly covers the fundamentals of SOC operations, before relaying the knowledge of log management and correlation, SIEM deployment,
advanced incident detection, and incident response. Additionally, the candidate will learn to manage various SOC processes and collaborate
with CSIRT at the time of need.
This is the recommended training for those students looking to achieve the EC-Council Certified SOC Analyst Certification.
Target Audience:
SOC Analysts (Tier I and Tier II), Cybersecurity Analysts, Entry-level cybersecurity professionals, Network and Security Administrators.
Objectives:
After completing this course you should be able to:
Articulate SOC processes, procedures, technologies, and workflows.
Understand security threats, attacks, vulnerabilities, attacker's behaviors, cyber kill chain, etc.
Recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.
Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers and workstations).
Apply Centralized Log Management (CLM) processes.
Perform security events and log collection, monitoring, and analysis.
Understand Security Information and Event Management.
Administer SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
Understand the architecture, implementation and fine tuning of SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
Gain hands-on experience on the SIEM use case development process.
Develop threat cases (correlation rules), create reports, etc.
Recognize use cases that are widely used across SIEM deployments.
Plan, organize, and perform threat monitoring and analysis in the enterprise.
Monitor emerging threat patterns and perform security threat analysis.
Gain hands-on experience in the alert triaging process.
Escalate incidents to appropriate teams for additional assistance.
Use a Service Desk ticketing system.
Prepare briefings and reports of analysis methodology and results.
Integrate threat intelligence into SIEM for enhanced incident detection and response.
Make use of varied, disparate, constantly changing threat information.
Articulate knowledge of the Incident Response Process.
Understand SOC and IRT collaboration for better incident response.
EC-CSA 1.0 www.globalknowledge.com/en-sa/ training@globalknowledge.com.sa 00 966 92000 9278
Prerequisites:
Attendees should meet the following prerequisites:
Network Administration or Security Domain experience
The CSA program requires a candidate to have one year of work experience in the Network Admin/Security domain and should be able to provide proof of the same as validated through the application process unless the candidate attends official training.
Testing and Certification:
Recommended as preparation for the following exam:
312-39 - Certified SOC Analyst
Content:

SOC Essential Concepts
Computer Network Fundamentals
TCP/IP Protocol Suite
Application Layer Protocols
Transport Layer Protocols
Internet Layer Protocols
Link Layer Protocols
IP Addressing and Port Numbers
Network Security Controls
Network Security Devices
Windows Security
Unix/Linux Security
Web Application Fundamentals
Information Security Standards, Laws and Acts

Security Operations and Management
Security Management
Security Operations
Security Operations Center (SOC)
Need of SOC
SOC Capabilities
SOC Operations
SOC Workflow
Components of SOC: People, Process and Technology
People
Technology
Processes
Types of SOC Models
SOC Maturity Models
SOC Generations
SOC Implementation
SOC Key Performance Indicators
Challenges in Implementation of SOC
Best Practices for Running SOC
SOC vs NOC

Understanding Cyber Threats, IoCs and Attack Methodology
Cyber Threats
Intent-Motive-Goal
Tactics-Techniques-Procedures (TTPs)
Opportunity-Vulnerability-Weakness
Network Level Attacks
Host Level Attacks
Application Level Attacks
Email Security Threats
Understanding Indicators of Compromise
Understanding Attacker's Hacking Methodology

Incidents, Events and Logging
Incident
Event
Log
Typical Log Sources
Need of Log
Logging Requirements
Typical Log Format
Logging Approaches
Local Logging
Centralized Logging

Incident Detection with Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
Security Analytics
Need of SIEM
Typical SIEM Capabilities
SIEM Architecture and Its Components
SIEM Solutions
SIEM Deployment
Incident Detection with SIEM
Examples of Commonly Used Use Cases Across All SIEM Deployments
Handling Alert Triaging and Analysis

Enhanced Incident Detection with Threat Intelligence
Understanding Cyber Threat Intelligence
Why Threat Intelligence-driven SOC?

Incident Response
Incident Response
Incident Response Team (IRT)
Where Does IRT Fit in the Organisation
SOC and IRT Collaboration
Incident Response (IR) Process Overview
Step 1: Preparation for Incident Response
Step 2: Incident Recording and Assignment
Step 3: Incident Triage
Step 4: Notification
Step 5: Containment
Step 6: Evidence Gathering and Forensic Analysis
Step 7: Eradication
Step 8: Recovery
Step 9: Post-Incident Activities
Responding to Network Security Incidents
Responding to Application Security Incidents
Responding to Email Security Incidents
Responding to Insider Incidents
Responding to Malware Incidents
Further Information:
For more information, or to book your course, please call us on 00 966 92000 9278
training@globalknowledge.com.sa
www.globalknowledge.com/en-sa/
Global Knowledge - KSA, 393 Al-Uroubah Road, Al Worood, Riyadh 3140, Saudi Arabia