EC-Council, Cyber Security, EC-Council Self-Paced

EC-Council Certified SOC Analyst – Self-Paced (Incl. Exam Voucher)

CH-CSA-SP

Type

Skill Level

EC-Council: Intermediate

Available dates

Learning Path

Cybersecurity

Virtual

Duration

1 Year

1 Day

LEARNING PATH

Cybersecurity

SKILL LEVEL

EC-Council: Intermediate

DURATION

1 Year

AVAILABLE DATES

Choose date

R10 400,00

Price excluding VAT

Introduction

EC Council’s Certified SOC Analyst (CSA) program is the first step to joining a security operations centre (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry level and intermediate-level operations.

CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry. The program focuses on creating new career opportunities through extensive, meticulous knowledge with enhanced level capabilities for dynamically contributing to a SOC team.

The lab-intensive CSA program emphasizes the holistic approach to deliver elementary as well as advanced knowledge of how to identify and validate intrusion attempts. Through this, the candidate will learn to use SIEM solutions and predictive capabilities using threat intelligence. The program also introduces the practical aspect of SIEM using advanced and the most frequently used tools. The candidate will learn to perform enhanced threat detection using the predictive capabilities of Threat Intelligence.

Audience profile

SOC Analysts (Tier I and Tier II)
Network and Security Administrators
Network and Security Engineers
Network Defence Analyst
Network Defence Technicians
Network Security Specialist
Network Security Operator
Any security professional handling network security operations
Cybersecurity Analyst
Entry-level cybersecurity professionals
Anyone who wants to become a SOC Analyst

Pre-requisites

The knowledge and skills that a learner must have before attending this course is as follows:

1 year of work experience in the Network Admin/ Security domain

What is EC-Council iLearn?

iLearn is EC Council’s online, self-paced option which means that all of the same modules taught in the live course are recorded and presented in a streaming video format. A certification candidate can set their own learning pace by pausing the lectures and returning to their studies as their schedule permits! This all-inclusive training program provides the benefits of classroom training at your own pace.

What is included?

Streaming video training modules – 1 year access
Official EC-Council E-Courseware – 1 year access
iLabs, Virtual Lab Platform – 6 months access
One Certification exam voucher
One Certificate of Attendance

How to Access the iLearn Portal?

All learning resources will be released directly to the delegate and a notification will be shared via email after your booking is complete. You may then login anytime at https://iclass.eccouncil.org/my-courses/

Course objectives

Upon completing this course, the learner will have the following knowledge and skills:

Gain Knowledge of SOC processes, procedures, technologies, and workflows
Gain basic understanding and in-depth knowledge of security threats, attacks, vulnerabilities, attacker’s behaviours, and cyber kill chain, etc.
Ability to recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations
Ability to monitor and analyse logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers and workstations)
Gain knowledge of Centralized Log Management (CLM) process
Ability to perform Security events and log collection, monitoring, and analysis
Gain experience and extensive knowledge of Security Information and Event Management
Gain knowledge on administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK)
Understand the architecture, implementation and fine tuning of SIEM solutions (Splunk/ AlienVault/OSSIM/ELK)
Gain hands-on experience on SIEM use case development process
Ability to develop threat cases (correlation rules), create reports, etc.
Learn use cases that are widely used across the SIEM deployment
Plan, organise, and perform threat monitoring and analysis in the enterprise
Ability to monitor emerging threat patterns and perform security threat analysis
Gain hands-on experience in alert triaging process
Ability to escalate incidents to appropriate teams for additional assistance
Ability to use a Service Desk ticketing system
Ability to prepare briefings and reports of analysis methodology and results
Gain knowledge of integrating threat intelligence into SIEM for enhanced incident detection and response
Ability to make use of varied, disparate, constantly changing threat information
Gain knowledge of Incident Response Process
Gain understating of SOC and IRT collaboration for better incident response

Course content

Module 00: SOC Essential Concepts
Computer Network Fundamentals	Link Layer Protocols
TCP/IP Protocol Suite	IP Addressing and Port Numbers
Application Layer Protocols	Network Security Controls
Transport Layer Protocols	Network Security Devices
Internet Layer Protocols	Windows Security
Web Application Fundamentals	Unix/Linux Security
Information Security Standards, Laws and Acts
Module 01: Security Operations and Management
Security Management	SOC Generations
Security Operations	SOC Implementation
Security Operations Centre (SOC)	SOC Key Performance Indicators (KPI) and Metrics
Need of SOC	Challenges in Implementation of SOC
SOC Capabilities	Best Practices for Running SOC
SOC Operations	SOC vs NOC
SOC Workflow	Types of SOC Models
Components of SOC: People, Process and Technology	SOC Maturity Models
Model 02: Understanding Cyber Threats, IoCs, and Attack Methodology
Cyber Threats	Email Security Threats
Intent-Motive-Goal	Understanding Indicators of Compromise (IoCs)
Tactics-Techniques-Procedures (TTPs)	Understanding Attacker’s Hacking Methodology
Opportunity-Vulnerability-Weakness	Exercise 1: Application-Level Threats: Understanding the Working of SQL Injection Attacks
Network Level Attacks	Exercise 2: Application-Level Threats: Understanding the Working of XSS Attacks
Host Level Attacks	Exercise 3: Network Level Threats: Understanding the Working of Network Scanning Attacks
Applications Level Attacks	Exercise 4: Host Level Threats: Understanding the Working of Brute Force Attacks
Module 03: Incident, Events, and Logging
Incident	Local Logging
Event	Centralized Logging
Log	Exercise 1: Local Logging: Configuring, Monitoring, and Analysing Windows Logs
Typical Log Sources	Exercise 2: Local Logging: Configuring, Monitoring, and Analysing IIS (Internet Information Services) Logs
Need of Log	Exercise 3: Local Logging: Configuring, Monitoring, and Analysing Snort IDS (Intrusion Detection System) Logs
Logging Requirements	Exercise 4: Centralized Logging: Collecting Logs from Different Devices into Centralized Location
Typical Log Format
Logging Approaches
Module 04: Incident Detection with Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)	Examples of commonly Used Use Cases Across all SIEM deployments
Security Analytics	Handling Alert Triaging and Analysis
Need of SIEM	Exercise 1: Creating Splunk Use Case and Generating Alerts for Brute-force Attempts
Typical SIEM Capabilities	Exercise 2: Creating Splunk Use Case and Generating Alerts for SQL Injection Attempts
SIEM Architecture and Its Components	Exercise 3: Creating Splunk Use Case and Generating Alerts for XSS Attempts
SIEM Solutions	Exercise 4: Creating Splunk Use Case and Generating Alerts for Network Scanning Attempts
SIEM Deployment	Exercise 5: Creating Splunk Use Case for Registry Monitoring
Incident Detection with SIEM	Exercise 6: Creating Splunk Use Case for Monitoring Insecure Ports and Services
Module 05: Enhanced Incident Detections with Threat Intelligence
Understanding Cyber Threat Intelligence	Exercise 2: Integrating OTX Threat Data in OSSIM
Why Threat Intelligence-driven SOC?	Exercise 3: Integrating Threat Intelligence Capability of OSSIM
Exercise 1: Integrating IoCs into ELK Stack
Module 06: Incident Response
Incident Response	Step 8: Recovery
Incident Response Team (IRT)	Step 9: Post-Incident Activities
Where Does IRT Fit in the Organisation?	Responding to Network Security Incidents
SOC and IRT Collaboration	Responding to Application Security Incidents
Incident Response (IR) Process Overview	Responding to Email Security Incidents
Step 1: Preparation for Incident Response	Responding to an Insider Incidents
Step 2: Incident Recording and Assignment	Responding to Malware incidents
Step 3: Incident Triage	Exercise 1: Generating Tickets for Incidents
Step 4: Notification	Exercise 2: Containing Data Loss Incidents
Step 5: Containment	Exercise 3: Eradicating SQL injection and XSS Incidents
Step 6: Evidence Gathering and Forensic Analysis	Exercise 4: Recovering from Data Loss Incidents
Step 7: Eradication	Exercise 5: Reporting an Incident

Associated Certifications & Exam

Exam Details	CSA Exam
Exam Title	Certified SOC Analyst
Number of Questions/Practical Challenges	100 Questions
Test Duration	3 Hours
Test Format	Multiple choice questions
Test Delivery	ECC EXAM portal
Availability	ECC EXAM
Exam Prefix	312 – 39(ECC EXAM)
Passing Score	70%

On successful completion of this course students will receive a Torque IT attendance certificate.

Note:

When you attend any authorised EC Council training course at Torque IT you will receive the associated examination voucher as part of your course material. Your certification examination voucher can be used to book and pay for your certification examination at an Authorised EC Council Testing Center (ETC) only. If you are not able to sit your certification examination at Torque IT, and you have no other ETC locally available, you do have the ability to convert your examination voucher into a Pearson VUE examination voucher (Remote Procuring Services), at an additional cost.

EC-Council Overview

To beat a hacker, you need to think like one…

Ethical Hacking is the process of proactively penetrating systems, to which one has official permission to do so, with a view to determining whether vulnerabilities exist and then to undertake the necessary preventive, corrective, and protective countermeasures before an actual compromise to the systems can occur.

Torque IT’s authorised EC-Council training, and associated certification, solutions empower you to identify vulnerabilities and to assess the security posture of target systems. EC-Council certifications are universally recognised as demonstrating a high level of expertise and credibility for individuals and the organisations that employ them.

Torque IT being an EC-Council Accredited Training Center (ATC) has been the recipient of EC-Council’s most prestigious ATC of the year awards for 2016, 2014 and EC-Council’s Circle of Excellence Awards for 2015.

These achievements reflect our commitment to providing you with quality skills development, enablement, training, and certification solutions that demonstrate exceptional quality, depth and breadth.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

EC-Council Certified SOC Analyst – Self-Paced (Incl. Exam Voucher)

Type

Skill Level

Available dates

Learning Path

Duration

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

Introduction

Audience profile

Pre-requisites

What is EC-Council iLearn?

What is included?

How to Access the iLearn Portal?

Course objectives

Course content

Associated Certifications & Exam

EC-Council Overview

contact

Vendor
Authorised

Details

Menu

newsletter

EC-Council Certified SOC Analyst – Self-Paced (Incl. Exam Voucher)

Type

Skill Level

Available dates

Learning Path

Duration

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

Introduction

Audience profile

Pre-requisites

What is EC-Council iLearn?

What is included?

How to Access the iLearn Portal?

EC-Council Overview

contact

Vendor Authorised

Details

Menu

newsletter

Vendor
Authorised