Certified SOC Analyst (CSA) Certification Training - EC Council

• You will understand the Security Operation Center (SOC) team operations
• You will get deep knowledge of digital forensics, threat intelligence, and incident response
• You will get to know the technical strategies, tools, and procedures to safeguard data
• You will understand essential SOC tools like Splunk and Security Onion
• You will understand how to recognize threats and implement countermeasures
• You will learn how to deal with Blue Team operations architecture

• Recorded Videos After Training
• Digital Learning Material
• Instructor Led training
• Course Completion Certificate
• Learn from Industry Experts
• 24x7 After Training Support

• Security Consultants
• Technical Support Engineers
• Information Security Researcher
• System Administrators
• Security System Engineers
• SOC Analysts (L1 & L2)
• Cyber Security Analysts

• To pursue this EC Council Certified SOC Analyst (CSA) Course, you are supposed to have Security+ or CEH Certification Experience or Equivalent and prior knowledge of networking fundamentals, troubleshooting, and OS basics. Plus, experience as an entry-level SOC Analyst, Cyber Security Analyst, Information Security, and Information Security domain are recommended.

• Multisoft Systems will provide you with a training completion certificate after completing this EC Council Certified SOC Analyst (CSA) Course.

Module 1: Blue Team Operations Architecture

• Building a successful SOC
• Functions of SOC
• SOC Models & Types
• SOC Teams & Roles
• Heart of SOC - SIEM
• Gartner’s magic quadrant - TOP SIEM
• SIEM guidelines and architecture
• Industrial requirements of Splunk in various fields
• Splunk terminologies, search processing language, and various industry use cases
• Splunk universal forwarder, data inputs, Correlating Events, Search fields

Module 2: SOC Tools

Splunk

• Industrial requirements of Splunk in various fields
• Splunk terminologies, search processing language, and various industry use cases
• Splunk universal forwarder, data inputs, Correlating Events, Search fields

Security Onion 

• Introduction to Security Onion: NSM
• Security Onion Architecture
• Walkthrough to Analyst Tools
• Alert Triage and Detection
• Hunt with Onion 

Module 3: DFIR

Fundamentals of Digital Forensics

• Forensics Fundamentals
• Introduction to Digital Forensics
• Hard Drive Basics
• Disk Evidence
• Network Evidence
• Web & Cloud Evidence
• Evidence Forms
• SSD Drive Basics
• File Systems
• Metadata & File Carving
• Memory, Page File, and Hibernation File
• Order of Volatility
• Evidence Forms
• Chain of Custody
• What is the Chain of Custody?
• Guide for Following the Chain of Custody – Evidence collection, reporting/documentation, evidence hashing, write-blockers, working on a copy of original evidence
• Windows Investigations
• Artifacts - Registry, Event Logs, Prefetch, .LNK files, DLLs, services, drivers, common malicious locations, schedules tasks, start-up files
• Equipment - Non-static bags, faraday cage, labels, clean hard drives, forensic workstations, Disk imagers, hardware write blockers, 
• Live Forensics
• Live Acquisition
• Products
• Potential Consequences
• Post-Investigation
• Report Writing
• Evidence Retention
• Evidence Destruction
• Further Reading

Tools exposure provided in the above section

• Command-LINE for Windows / Linux
• Network Analysis: Wireshark, Network Miner
• Disk Based Forensics: FTK IMAGER, AUTOPSY, Encase
• Memory Forensics: MAGNATE & BELKASOFT RAM CAPTURE, DumpIt, Volatility, Volatility WorkBench
• Email Forensics: Manual & Automated Analysis

Incident Response Basics 

• Introduction to Incident Response
• What is an Incident Response?
• Why is IR Needed?
• Security Events vs. Security Incidents
• Incident Response Lifecycle - NIST SP 800 61r2
• Incident Response Plan: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Lessons Learned
• Case Study: Cyber Kill Chain in Incident Response
• Lockheed Martin Cyber Kill Chain
• What is it, why is it used
• MITRE ATT&CK Framework
• What is it, why is it used
• Preparation
• Incident Response Plans, Policies, and Procedures
• The Need for an IR Team
• Asset Inventory and Risk Assessment to Identify High-Value Assets
• DMZ and Honeypots
• Host Defences
• Network Defences 
• Email Defences 
• Physical Defences 
• Human Defences 
• Detection and Analysis
• Common Events and Incidents
• Establishing Baselines and Behavior Profiles
• Central Logging (SIEM Aggregation)
• Analysis (SIEM Correlation)
• Containment, Eradication, Recovery
• CSIRT and CERT Explained
• Containment Measures
• Taking Forensic Images of Affected Hosts
• Identifying and Removing Malicious Artefacts
• Identifying Root Cause and Recovery Measures
• Lessons Learned
• What Went Well?
• What could be improved?
• Important of Documentation
• Metrics and Reporting
• Further Reading

Tools exposure provided in the above section

• SYSINTERNAL SUITE
• Hash Calculator
• Online Sources
• CyberChef

Module 4: TI

• Introduction to Threat Intelligence
• Threat Actors
• Types of Threat Intelligence:
• Operational Intelligence
• Strategical Intelligence
• Tactical Intelligence
• CTI Skills: NIST NICE - CTI Analyst
• OODA Loop, Diamond Model of Intrusion Analysis
• Unleashing Threat Intel with Maltego, AlienVault OTX
• LOTL Based Techniques
• Malware Campaigns & APTs