Course: ICSI | CSA Certified SOC Analyst.

Overview.

The goal of the course is to provide students with the theoretical background and a hands-on experience in security operations to become certified SOC analysts. Students will learn to effectively monitor, analyse and respond to cyber security incidents within the Security Operations Centre (SOC) using a variety of tools such as Snort, Suricata, Wireshark and Wazuh.

Target Audience

  • Security Professionals
  • Security Analysts
  • SOC Analysts (Tier 1)
  • Network Security Administrators and Engineers

Prerequisites

Basic familiarity with networking and with the Windows and Linux operating systems.

Module 1: Introduction to the Junior Security Analyst Role (SOC)

Lessons:

  • Junior Security Analyst Role
  • Security Operations Centre (SOC)
  • A day in the life of a Junior Security Analyst

Review Questions

Module 2: Introduction to Cyber Defence Frameworks

Lessons:

  • NIST Cybersecurity Framework
  • MITRE
  • Cyber Kill Chain
  • Unified Kill Chain

Review Questions

Module 3: Threat Intelligence

Lessons:

  • Introduction to Threat Intelligence
  • Threat Intelligence Tools
  • NIST 800-115

Labs:

  • Analysing Malicious Attachments Using VirusTotal

Module 4: Network Traffic Analysis

Lessons:

  • Network Security
  • Traffic Analysis
  • Wireshark

Labs:

  • Using Wireshark to Analyse TCP Traffic
  • Using Wireshark to Analyse UDP Traffic
  • Using Wireshark to Identify a DDoS Attack

Module 5: Endpoint Security

Lessons:

  • Fundamentals of Endpoint Security
  • Logging and Monitoring Endpoints
  • Log Analysis on Endpoints

Labs:

  • Install the Wazuh Agent on Windows
  • Install the Wazuh Agent on Linux (Ubuntu)

Module 6: SIEM (Security Information and Event Management)

Lessons:

  • Introduction to SIEM
  • Log Sources and Log Ingestion
  • Log Analysis and Alerts

Labs:

  • Forward Log Events to Wazuh

Module 7: IDS and IPS

Lessons:

  • Introduction to IDS and IPS
  • Fundamentals of Snort
  • Fundamentals of Suricata

Labs:

  • Identifying Malicious Network Traffic with Snort
  • Detecting DDoS Attacks Using Suricata

Module 8: Reporting Security Incidents

Lessons:

  • Reporting Security Incidents
  • Incident Report Process
  • A Complete Incident Report: What You Need to Know
  • The Importance of Communications