SOC Essentials (SCE)

Computer Network and Security Fundamentals

• Computer Network
• TCP/IP Model
• OSI Model
• Types of a Network
• Network Model
• Network Topologies
• TCP/IP Protocol Suite
• Network Security Controls
• Network Security Devices
• Windows Security
• Unix / Linux Security
• Web Application Fundamentals
• Information Security Standards, Laws and Acts

Fundamentals of Cyber Threats

• Cyber Threats
• Intent-Motive-Goal
• Tactics-Techniques Procedures (TTPs)
• Opportunity-Vulnerability-Weakness
• Vulnerability
• Threats & Attacks
• Example of Attacks
• Network-based Attacks
• Application-based
• Host Based Attacks
• Insider Attacks
• Malware (Virus, Worms, Ransomware etc.)
• Phishing and Social Engineering

Introduction to Security Operations Center (SOC)

• What is a Security Operations Center (SOC)
• Importance of SOC
• SOC Team Roles and Responsibilities
• SOC KPI
• SOC Metrics
• SOC Maturity Models
• SOC Workflow and Processes
• Challenges in Operating a SOC

SOC Components and Architecture

• Key Concepts of a SOC
• People in SOC
• Processes in SOC
• Technologies in SOC
• SOC Architecture and Infrastructure
• Different Types of SOC and Their Purposes
• Introduction to SIEM
• SIEM Architecture
• SIEM Deployment Models
• Data Sources in SIEM
• SIEM Logs
• Network in SIEM Endpoint Data in SIEM

Introduction to Log Management

• Incident
• Event
• Log Typical Log Sources
• Need of Log
• Typical Log Format
• Local Log Management
• Central Log Management
• Logging Best Practices
• Logging / Log Management Tools

Incident Detection and Analysis

• SIEM Use Case Development
• Security Monitoring and Analysis
• Correlation Rules
• Dashboards
• Reporting
• Alerting
• Triage Alerts
• Dealing with False Positive Alerts
• Incident Escalation
• Communication Paths
• Ticketing Systems

Threat Intelligence and Hunting

• Introduction to Threat Intelligence
• Threat Intelligence Sources
• Threat Intelligence Types
• Threat Intelligence Lifecycle
• Role of Threat Intelligence in SOC Operations
• Threat Intelligence Feeds
• Threat Intelligence Sharing and Collaboration
• Threat Intelligence Tools/Platforms
• Introduction to Threat Hunting
• Threat Hunting Techniques
• Threat Hunting Methodologies
• Role of Threat Hunting in SOC Operations
• Leveraging Threat Intelligence for Hunting
• Threat Hunting Tools

Incident Response and Handling

• Incident Handling Process
• Incident Handling Classification and Prioritization
• Incident Response Lifecycle
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Post-Incident Analysis and Reporting

keine

• Administratoren
• Netzwerkadministratoren
• SOC-Analysten
• Incident Responder