CSA Certified SOC Analyst

The CSA Certified SOC Analyst program is designed to enable participants to apply centralized log management processes and to acquire the skills of planning, organizing, monitoring and analyzing threats in an organization.

The course also aims to enable participants to monitor emerging threat patterns, perform security threat analysis, and learn about attacker tools, tactics, and procedures to identify Indicators of Compromise (IOCs) that can be used during active and future investigations.

Course outcomes
• Demonstrate SOC processes, procedures, techniques and workflows.
• Understanding of security threats, attacks, vulnerabilities, attacker behaviour, the cyber kill chain, etc.
• Learn about the attacker’s tools, tactics, and procedures to identify Indicators of Compromise (IOCs) that can be used during active and future investigations.
• Enable participants to monitor and analyze logs and alerts from a variety of technologies across multiple platforms (IDS/IPS, endpoint protection, servers and workstations).
• Enable participants to implement Centralized Log Management (CLM) processes.
• Enable participants to perform security event and log collection, monitoring and analysis.
• Understanding of security information and event management.
• Learn to manage SIEM solutions (Splunk / AlienVault / OSSIM / ELK).
• Understanding of architecture, implementation and fine tuning of SIEM solutions (Splunk / AlienVault / OSSIM / ELK).
• Gain hands-on experience in the SIEM use case development process, enabling participants to develop threat cases (correlation rules), generate reports, etc.
• Enable participants to learn about widely used use cases via SIEM deployment.
• Enable participants to plan, organize and implement threat monitoring and analysis in the organization.
• Enable participants to monitor emerging threat patterns and perform security threat analysis.
• Gain practical experience in alert triage.
• Learn how to escalate incidents to the appropriate teams for additional assistance.
• Learn how to use the Service Desk ticket system.
• Learn how to prepare briefings and reports of analysis methodology and findings.
• Enable participants to integrate threat intelligence into SIEM to enhance incident detection and response.
• Learn to take advantage of diverse, disparate and ever-changing threat information.
• Demonstrate knowledge of the incident response process.
• Understanding of SOC and IRT collaboration in order to best respond to incidents.

Course content
• Basic concepts of SOC
• Security operations and management
• Understanding of cyber threats, IoCs and attack methodology
• Incidents, events and logging
• Incident detection using Security Information and Event Management (SIEM)
• Enhanced incident detection with threat intelligence
• Incident response