Multisoft Systems is engaged in offering the EC Council Certified SOC Analyst (CSA) Certification Course to help aspiring and current SOC Analysts who want to learn how to prevent, identify, assess, and respond to cybersecurity threats and incidents. Our offered course is considered the first level of a course series that includes Level 1-SOC Analyst and Level 2-SOC Specialist.
Multisoft Systems, a reputed Training and Certification Organization, offers the EC Council Certified SOC Analyst (CSA) Course to Security Consultants, Technical Support Engineers, Information Security Researchers, SOC Analysts (L1 & L2), System Administrators, Security System Engineers, and Cyber Security Analysts. On completion, you will be able to play a crucial role in today’s security teams, which are on the front lines of identifying and responding to cyber threats as they occur.
Are you preparing for the SOC Analyst certification examination? Great! SOC Analyst is one of the most sought-after positions on the SOC team. If you are among the aspirants, we invite you to earn the EC Council Certified SOC Analyst (CSA) Certification Course. Our offered course starts with the fundamentals of Blue Team operations architecture and then moves on to advanced topics such as digital forensics, threat intelligence, incident response, and Security Information and Event Management (SIEM) solutions.
Certified SOC Analyst (CSA) Course Objectives:
- You will understand the Security Operation Center (SOC) team operations
- You will get deep knowledge of digital forensics, threat intelligence, and incident response
- You will get to know the technical strategies, tools, and procedures to safeguard data
- You will understand essential SOC tools like Splunk and Security Onion
- You will understand how to recognize threats and implement countermeasures
- You will learn how to deal with Blue Team operations architecture
Certified SOC Analyst (CSA) Online Training
- Recorded Videos After Training
- Digital Learning Material
- Instructor-led Training
- Course Completion Certificate
- Learn from Industry Experts
- 24x7 After Training Support
Target Audience
- Security Consultants
- Technical Support Engineers
- Information Security Researchers
- System Administrators
- Security System Engineers
- SOC Analysts (L1 & L2)
- Cyber Security Analysts
Prerequisites
- To pursue this EC Council Certified SOC Analyst (CSA) Course, you are expected to hold Security+ or CEH certification (or equivalent experience) and to have prior knowledge of networking fundamentals, troubleshooting, and OS basics. Experience as an entry-level SOC Analyst or Cyber Security Analyst, or in the Information Security domain, is also recommended.
Certified SOC Analyst (CSA) Course Certification
- Multisoft Systems will provide you with a training completion certificate after completing this EC Council Certified SOC Analyst (CSA) Course.
Module 1: Blue Team Operations Architecture
- Building a successful SOC
- Functions of SOC
- SOC Models & Types
- SOC Teams & Roles
- Heart of the SOC - SIEM
- Gartner’s Magic Quadrant - Top SIEMs
- SIEM guidelines and architecture
Module 2: SOC Tools
Splunk
- Industrial requirements of Splunk in various fields
- Splunk terminologies, search processing language, and various industry use cases
- Splunk universal forwarder, data inputs, Correlating Events, Search fields
Security Onion
- Introduction to Security Onion: NSM
- Security Onion Architecture
- Walkthrough to Analyst Tools
- Alert Triage and Detection
- Hunt with Onion
Module 3: DFIR
Fundamentals of Digital Forensics
- Forensics Fundamentals
- Introduction to Digital Forensics
- Hard Drive Basics
- Disk Evidence
- Network Evidence
- Web & Cloud Evidence
- Evidence Forms
- SSD Drive Basics
- File Systems
- Metadata & File Carving
- Memory, Page File, and Hibernation File
- Order of Volatility
- Chain of Custody
- What is the Chain of Custody?
- Guide for Following the Chain of Custody – Evidence collection, reporting/documentation, evidence hashing, write-blockers, working on a copy of original evidence
- Windows Investigations
- Artifacts - Registry, Event Logs, Prefetch, .LNK files, DLLs, services, drivers, common malicious locations, scheduled tasks, start-up files
- Equipment - Anti-static bags, Faraday cage, labels, clean hard drives, forensic workstations, disk imagers, hardware write blockers
- Live Forensics
- Live Acquisition
- Products
- Potential Consequences
- Post-Investigation
- Report Writing
- Evidence Retention
- Evidence Destruction
- Further Reading
Tools exposure provided in the above section
- Command line for Windows / Linux
- Network Analysis: Wireshark, NetworkMiner
- Disk-based Forensics: FTK Imager, Autopsy, EnCase
- Memory Forensics: Magnet RAM Capture & Belkasoft RAM Capturer, DumpIt, Volatility, Volatility Workbench
- Email Forensics: Manual & Automated Analysis
Incident Response Basics
- Introduction to Incident Response
- What is an Incident Response?
- Why is IR Needed?
- Security Events vs. Security Incidents
- Incident Response Lifecycle - NIST SP 800-61r2
- Incident Response Plan: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Lessons Learned
- Case Study: Cyber Kill Chain in Incident Response
- Lockheed Martin Cyber Kill Chain
- What it is and why it is used
- MITRE ATT&CK Framework
- What it is and why it is used
- Preparation
- Incident Response Plans, Policies, and Procedures
- The Need for an IR Team
- Asset Inventory and Risk Assessment to Identify High-Value Assets
- DMZ and Honeypots
- Host Defences
- Network Defences
- Email Defences
- Physical Defences
- Human Defences
- Detection and Analysis
- Common Events and Incidents
- Establishing Baselines and Behavior Profiles
- Central Logging (SIEM Aggregation)
- Analysis (SIEM Correlation)
- Containment, Eradication, Recovery
- CSIRT and CERT Explained
- Containment Measures
- Taking Forensic Images of Affected Hosts
- Identifying and Removing Malicious Artefacts
- Identifying Root Cause and Recovery Measures
- Lessons Learned
- What Went Well?
- What could be improved?
- Importance of Documentation
- Metrics and Reporting
- Further Reading
Tools exposure provided in the above section
- Sysinternals Suite
- Hash Calculator
- Online Sources
- CyberChef
Module 4: TI
- Introduction to Threat Intelligence
- Threat Actors
- Types of Threat Intelligence:
- Operational Intelligence
- Strategic Intelligence
- Tactical Intelligence
- CTI Skills: NIST NICE - CTI Analyst
- OODA Loop, Diamond Model of Intrusion Analysis
- Unleashing Threat Intel with Maltego, AlienVault OTX
- LOTL (Living off the Land) Based Techniques
- Malware Campaigns & APTs