Certified SOC Analyst (CSA)

Kaplan Singapore

Course introduction

Successful candidates will be able to:

  • Gain knowledge of SOC processes, procedures, technologies, and workflows.
  • Gain basic understanding and in-depth knowledge of security threats, attacks, vulnerabilities, attacker’s behaviors, and cyber kill chain, etc.
  • Recognise attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.
  • Monitor and analyse logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers and workstations).
  • Gain knowledge of Centralised Log Management (CLM) process.
  • Perform security events and log collection, monitoring and analysis.
  • Gain experience and extensive knowledge of Security Information and Event Management.
  • Gain knowledge on administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
  • Understand the architecture, implementation and fine tuning of SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
  • Gain hands-on experience on SIEM use case development process.
  • Develop threat cases (correlation rules), create reports, etc.
  • Learn use cases that are widely used across the SIEM deployment.
  • Plan, organise, and perform threat monitoring and analysis in the enterprise.
  • Monitor emerging threat patterns and perform security threat analysis.
  • Gain hands-on experience in alert triaging process.
  • Escalate incidents to appropriate teams for additional assistance.
  • Use a Service Desk ticketing system.
  • Prepare briefings and reports of analysis methodology and results.
  • Gain knowledge of integrating threat intelligence into SIEM for enhanced incident detection and response.
  • Make use of varied, disparate, constantly changing threat information.
  • Gain knowledge of Incident Response Process.
  • Gain understanding of SOC and IRT collaboration for better incident response.

Course Pre-Requisites

Minimum at Age: 16 years old

Work Experience: The CSA programme requires a candidate to have one year of work experience in the Network Admin/Security domain and should be able to provide proof of the same as validated through the application process unless the candidate attends official training.

Target Audience

  • SOC Analysts (Tier I and Tier II)
  • Network and Security Administrators, Network and Security Engineers, Network Defense Analyst, Network Defense Technicians, Network Security Specialist, Network Security Operator and any security professional handling network security operations
  • Cybersecurity Analyst
  • Entry-level cybersecurity professionals
  • Anyone who wants to become a SOC Analyst

Course Outline

Mode of training: Classroom

Duration: 3 days, minimum of 24 hours

Course Structure:
Module 1: Security Operations and Management
Module 2: Understanding Cyber Threats, IoCs, and Attack Methodology
Module 3: Incidents, Events, and Logging
Module 4: Incident Detection with Security Information and Event Management (SIEM)
Module 5: Enhanced Incident Detection with Threat Intelligence
Module 6: Incident Response

Available Course Sessions

Please click here to stay updated on upcoming sessions.

Trainer Profile


Kaplan reserves the right to change trainer, in light of unforeseen circumstances.