Duration 3 days – 21 hrs
Overview
The EC-Council Certified SOC Analyst (CSA) program is designed to prepare individuals for roles in Security Operations Centers (SOC) by equipping them with the critical knowledge and hands-on skills needed for effective monitoring, detection, investigation, and response to cybersecurity incidents. The curriculum emphasizes log management, SIEM deployment, threat intelligence, incident response, and SOC operations, with a strong lab-based approach.
Objectives
- Understand SOC architecture, roles, and operational workflows.
- Perform centralized log management and event monitoring.
- Deploy and use SIEM platforms effectively to detect and investigate security incidents.
- Apply threat intelligence and the cyber kill chain model to enhance detection capabilities.
- Perform incident triage and coordinate with CSIRT teams during incident response.
- Develop SOC documentation and reporting standards.
- Gain practical experience through hands-on labs that mirror real-world SOC tasks.
Audience
- Aspiring and current SOC Analysts (Tier I and Tier II).
- Network and Security Administrators/Engineers, Network Defense Analysts/Technicians, Security Specialists/Operators.
- Cybersecurity Analysts and entry-level security professionals looking to transition to SOC roles.
- Anyone interested in launching a career in SOC operations or incident response.
Prerequisites
- Basic understanding of IT and cybersecurity fundamentals (e.g., OS, networking, logs, threat concepts).
- Familiarity with security operations and awareness of common defense tools (preferred but not strictly required).
- Suitable for professionals new to SOC roles but familiar with IT or security concepts.
Course Content
Security Operations & SOC Management
- Overview of SOC functions and structures.
- Roles and responsibilities within SOC teams.
- Governance and best practices in SOC operations.
- Integration with CSIRT workflows.
Cyber Threats, IoCs & Attack Methodology
- Introduction to threat actors and attack vectors.
- Understanding Indicators of Compromise (IoCs).
- Applying the cyber kill chain in threat analysis.
Incidents, Events & Logging
- Fundamentals of log data: collection, normalization, management.
- Event correlation and alert generation.
- Tools and dashboards for effective log oversight.
Incident Detection with SIEM
- Principles and deployment of Security Information and Event Management systems.
- Use case creation and alert tuning.
- SIEM features and operational applications.
Enhanced Detection with Threat Intelligence
- Leveraging threat intelligence to enrich SOC alerts.
- Using external sources to detect emerging threats.
- Integrating predictive analytics into monitoring workflows.
Incident Response in the SOC
- Incident response lifecycle: triage, containment, analysis, resolution.
- Collaboration with response teams (CSIRT).
- Documenting and reporting findings effectively.
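The following is an added worked example, not EC-Council course material, that ties together the Logging, SIEM and Threat Intelligence modules above: two constructed log formats (sshd syslog text and a JSON VPN record) are normalized into one event schema, correlated by a simple "N failures then a success from the same source IP" use case, and the resulting alert is enriched from a constructed IoC feed that raises its severity. The log lines, the IoC feed, the schema field names and the thresholds are all assumptions made for the example.

```python
"""Added example (not part of the CSA course): log normalization, a
correlation use case, and threat-intel enrichment in one small pipeline.
All sample log lines and the IoC feed below are constructed for the example."""
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events: sshd syslog text and a JSON VPN record.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2",
    "2024-03-01T10:00:09Z sshd[1201]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "2024-03-01T10:00:15Z sshd[1201]: Failed password for root from 203.0.113.7 port 51010 ssh2",
    '{"time": "2024-03-01T10:00:40Z", "app": "vpn", "user": "root", "src": "203.0.113.7", "result": "success"}',
    "2024-03-01T10:05:00Z sshd[1201]: Failed password for bob from 198.51.100.20 port 40000 ssh2",
    "2024-03-01T10:06:00Z sshd[1201]: Accepted password for bob from 198.51.100.20 port 40001 ssh2",
]

# Constructed threat-intel feed (assumption): indicator -> context.
IOC_FEED = {"203.0.113.7": {"tag": "known-bruteforcer", "confidence": 80}}

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+)"
)


def normalize(line):
    """Map a raw line from either source onto one common schema.
    Returns None for lines neither parser recognises (an unparsed line
    should be counted, not silently dropped, in a real SIEM)."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "source": "sshd",
            "user": m["user"],
            "src_ip": m["src_ip"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure",
        }
    if line.startswith("{"):
        rec = json.loads(line)
        return {
            "ts": datetime.fromisoformat(rec["time"].replace("Z", "+00:00")),
            "source": rec["app"],
            "user": rec["user"],
            "src_ip": rec["src"],
            "outcome": rec["result"],
        }
    return None


def correlate(events, threshold=3, window_s=60):
    """Use case: at least `threshold` failures from one src_ip inside a
    sliding `window_s` window, followed by a success from the same src_ip,
    raises one alert. Events from any source are considered together."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        failures = []  # timestamps of failures still inside the window
        for ev in evs:
            if ev["outcome"] == "failure":
                failures.append(ev["ts"])
                failures = [t for t in failures if (ev["ts"] - t).total_seconds() <= window_s]
            elif ev["outcome"] == "success":
                recent = [t for t in failures if (ev["ts"] - t).total_seconds() <= window_s]
                if len(recent) >= threshold:
                    alerts.append({
                        "rule": "bruteforce_then_success",
                        "src_ip": ip,
                        "user": ev["user"],
                        "failures": len(recent),
                        "severity": "medium",
                        "sources": sorted({e["source"] for e in evs}),
                    })
                failures = []  # a success resets the sequence
    return alerts


def enrich(alert, feed):
    """Attach IoC context to an alert; a feed hit raises severity to high."""
    out = dict(alert)
    hit = feed.get(alert["src_ip"])
    if hit:
        out["ioc"] = hit
        out["severity"] = "high"
    return out


def run_pipeline(lines, feed=IOC_FEED):
    """Normalize -> correlate -> enrich; returns the enriched alert list."""
    events = [e for e in (normalize(l) for l in lines) if e]
    return [enrich(a, feed) for a in correlate(events)]


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS):
        print(json.dumps(alert, default=str))
```

Running the script produces one alert for 203.0.113.7 (three sshd failures, then a VPN success inside the window) tagged high because the IP is in the feed, and none for 198.51.100.20, whose single failure is below the threshold. The threshold and window are the knobs an analyst tunes when the rule is too noisy or too quiet.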