Certified SOC-Analyst (CSA)

Für eine optimale Teilnahme am Kurs empfehlen wir folgende Vorkenntnisse:

• 1 Jahr Berufserfahrung im Bereich Network Admin/ Sicherheit haben und sollte diese im Rahmen des Bewerbungsprozesses nachweisen können Es sei denn, der Kandidat nimm

  Module 01: Security Operations and Management

  • Understand the principles of security management and the role of security operations
  • Discuss the Security Operations Center (SOC), its importance, capabilities, and functions
  • Describe SOC workflow and the elements: People, Process, and Technology
  • Compare different SOC models and their advantages and disadvantages
  • Understand SOC maturity models and SOC evolution
  • Identify KPIs, challenges, and best practices for effective SOC operations

  Module 02: Understanding Cyber Threats, IoCs, and Attack Methodology

  • Understand cyber threats and their impact on cybersecurity
  • Understand network-based tactics, techniques, and procedures (TTPs)
  • Understand host-based attack TTPs
  • Understand application-based attack TTPs
  • Understand social engineering attack TTPs
  • Understand email-based attack TTPs
  • Understand insider threats and their TTPs
  • Recognize indicators of compromise (IoCs)
  • Understand attack methodologies and frameworks

  Module 03: Log Management

  • Understand log management, its importance, and approaches
  • Analyze local logging: Windows, Linux, Mac
  • Analyze logging from firewalls and routers
  • Analyze logging from web servers, databases, and email systems
  • Implement centralized logging

  Module 04: Incident Detection and Triage

  • Understand the importance and architecture of SIEM
  • Understand SIEM solutions: types, advantages, and disadvantages
  • Deploy a SIEM solution
  • Manage SIEM use cases
  • Perform incident detection with SIEM
  • Use AI for generating SIEM rules
  • Triage and analyze alerts
  • Manage visualization and dashboards
  • Generate SOC reports

  Module 05: Proactive Threat Detection

  • Learn fundamentals of threat intelligence
  • Understand types and strategies of threat intelligence
  • Identify threat intelligence sources
  • Understand threat intelligence platforms
  • Explore intelligence-driven SOCs and their benefits
  • Enhance incident response using threat intelligence
  • Understand the importance of threat hunting
  • Understand threat hunting frameworks
  • Perform threat hunting with PowerShell, YARA, and tools

  Module 06: Incident Response

  • Introduction to incident response and the IRT
  • Understand phases of the incident response process
  • Respond to network security incidents
  • Respond to application security incidents
  • Respond to email security incidents
  • Respond to insider incidents
  • Respond to malware incidents
  • Understand SOC playbooks in incident response
  • Use EDR/XDR in incident response
  • Use SOAR for automated incident response

  Module 07: Forensics Investigation and Malware Analysis

  • Introduction to forensic investigation
  • Investigate network incidents
  • Investigate application security incidents
  • Investigate email incidents
  • Investigate insider incidents
  • Understand malware analysis
  • Perform static malware analysis
  • Perform dynamic malware analysis

  Module 08: SOC for Cloud Environments

  • Introduction to cloud SOC
  • Understand Azure SOC architecture, Microsoft Sentinel, and tools
  • Understand AWS SOC architecture, AWS Security Hub, and tools
  • Understand Google Cloud SOC architecture, Chronicle, and tools
  Hinweise

  C

  Zielgruppen
  • SOC-Analysten
  • Netzwerk- und Security-Administratoren
  • Netzwerk- und Security-Ingenieure
  • Netzwerk-Security-Spezialist
  • Security Experten
  • Cybersecurity Analyst