Successful candidates will be able to:
- Gain knowledge of SOC processes, procedures, technologies, and workflows.
- Gain a basic understanding and in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviours, the cyber kill chain, and related concepts.
- Recognise attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.
- Monitor and analyse logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers and workstations).
- Gain knowledge of Centralised Log Management (CLM) process.
- Perform security event and log collection, monitoring, and analysis.
- Gain experience and extensive knowledge of Security Information and Event Management.
- Gain knowledge of administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
- Understand the architecture, implementation and fine tuning of SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
- Gain hands-on experience on SIEM use case development process.
- Develop threat cases (correlation rules), create reports, etc.
- Learn use cases that are widely used across SIEM deployments.
- Plan, organise, and perform threat monitoring and analysis in the enterprise.
- Monitor emerging threat patterns and perform security threat analysis.
- Gain hands-on experience in the alert triage process.
- Escalate incidents to appropriate teams for additional assistance.
- Use a Service Desk ticketing system.
- Prepare briefings and reports of analysis methodology and results.
- Gain knowledge of integrating threat intelligence into SIEM for enhanced incident detection and response.
- Make use of varied, disparate, constantly changing threat information.
- Gain knowledge of the incident response process.
- Gain understanding of SOC and IRT collaboration for better incident response.
Minimum age: 16 years old
Work Experience: The CSA programme requires a candidate to have one year of work experience in the Network Admin/Security domain and to provide proof of it, validated through the application process, unless the candidate attends official training.
- SOC Analysts (Tier I and Tier II)
- Network and Security Administrators, Network and Security Engineers, Network Defense Analysts, Network Defense Technicians, Network Security Specialists, Network Security Operators, and any security professional handling network security operations
- Cybersecurity Analyst
- Entry-level cybersecurity professionals
- Anyone who wants to become a SOC Analyst
Mode of training: Classroom
Duration: 3 days, minimum of 24 hours
Module 1: Security Operations and Management
Module 2: Understanding Cyber Threats, IoCs, and Attack Methodology
Module 3: Incidents, Events, and Logging
Module 4: Incident Detection with Security Information and Event Management (SIEM)
Module 5: Enhanced Incident Detection with Threat Intelligence
Module 6: Incident Response
Kaplan reserves the right to change trainer, in light of unforeseen circumstances.