Certified SOC-Analyst (CSA)

Module 01: Security Operations and Management

• Understand the principles of security management and the role of security operations
• Discuss the Security Operations Center (SOC), its importance, capabilities, and functions
• Describe SOC workflow and the elements: People, Process, and Technology
• Compare different SOC models and their advantages and disadvantages
• Understand SOC maturity models and SOC evolution
• Identify KPIs, challenges, and best practices for effective SOC operations

Module 02: Understanding Cyber Threats, IoCs, and Attack Methodology

• Understand cyber threats and their impact on cybersecurity
• Understand network-based tactics, techniques, and procedures (TTPs)
• Understand host-based attack TTPs
• Understand application-based attack TTPs
• Understand social engineering attack TTPs
• Understand email-based attack TTPs
• Understand insider threats and their TTPs
• Recognize indicators of compromise (IoCs)
• Understand attack methodologies and frameworks

Module 03: Log Management

• Understand log management, its importance, and approaches
• Analyze local logging: Windows, Linux, Mac
• Analyze logging from firewalls and routers
• Analyze logging from web servers, databases, and email systems
• Implement centralized logging

Module 04: Incident Detection and Triage

• Understand the importance and architecture of SIEM
• Understand SIEM solutions: types, advantages, and disadvantages
• Deploy a SIEM solution
• Manage SIEM use cases
• Perform incident detection with SIEM
• Use AI for generating SIEM rules
• Triage and analyze alerts
• Manage visualization and dashboards
• Generate SOC reports

Module 05: Proactive Threat Detection

• Learn fundamentals of threat intelligence
• Understand types and strategies of threat intelligence
• Identify threat intelligence sources
• Understand threat intelligence platforms
• Explore intelligence-driven SOCs and their benefits
• Enhance incident response using threat intelligence
• Understand the importance of threat hunting
• Understand threat hunting frameworks
• Perform threat hunting with PowerShell, YARA, and tools

Module 06: Incident Response

• Introduction to incident response and the IRT
• Understand phases of the incident response process
• Respond to network security incidents
• Respond to application security incidents
• Respond to email security incidents
• Respond to insider incidents
• Respond to malware incidents
• Understand SOC playbooks in incident response
• Use EDR/XDR in incident response
• Use SOAR for automated incident response

Module 07: Forensics Investigation and Malware Analysis

• Introduction to forensic investigation
• Investigate network incidents
• Investigate application security incidents
• Investigate email incidents
• Investigate insider incidents
• Understand malware analysis
• Perform static malware analysis
• Perform dynamic malware analysis

Module 08: SOC for Cloud Environments

• Introduction to cloud SOC
• Understand Azure SOC architecture, Microsoft Sentinel, and tools
• Understand AWS SOC architecture, AWS Security Hub, and tools
• Understand Google Cloud SOC architecture, Chronicle, and tools

Für eine optimale Teilnahme am Kurs empfehlen wir folgende Vorkenntnisse:

• 1 Jahr Berufserfahrung im Bereich Network Admin/ Sicherheit haben und sollte diese im Rahmen des Bewerbungsprozesses nachweisen können Es sei denn, der Kandidat nimmt an einer offiziellen Schulung teil.

• SOC-Analysten
• Netzwerk- und Security-Administratoren
• Netzwerk- und Security-Ingenieure
• Netzwerk-Security-Spezialist
• Security Experten
• Cybersecurity Analyst