EC-Council Certified SOC Analyst (CSA v2)
The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry. The program focuses on creating new career opportunities through extensive, meticulous knowledge with enhanced level capabilities for dynamically contributing to a SOC team. Being an intense 3-day program, it thoroughly covers the fundamentals of SOC operations, before relaying the knowledge of log management and correlation, SIEM deployment, advanced incident detection, and incident response. Additionally, the candidate will learn to manage various SOC processes and collaborate with CSIRT at the time of need.
As the security landscape is expanding, a SOC team offers high quality IT-security services to actively detect potential cyber threats/attacks and quickly respond to security incidents. Organizations need skilled SOC Analysts who can serve as the front-line defenders, warning other professionals of emerging and present cyber threats
-
SOC Fundamentals – Understand the SOC workflow, including processes, procedures, technologies, and operational models.
-
Threat Intelligence – Identify, classify, and analyze security threats, attack vectors, attacker behaviors, and Indicators of Compromise (IoCs).
-
SIEM Management – Gain expertise in SIEM platforms: architecture, deployment, fine-tuning, and administration.
-
Log & Event Analysis – Collect, monitor, and analyze security events and logs using Centralized Log Management (CLM).
-
Threat Detection – Build hands-on skills in threat detection through SIEM use cases, correlation rules, and reporting.
-
Threat Hunting – Apply threat hunting frameworks and use tools such as PowerShell, Yara, and other utilities to detect emerging threats.
- SOC Tier 3 Analyst
- SOC Security Analyst
- SOC Analyst I
- Cyber Security Analyst
- Security Incident Response Analyst / SOC Analyst
- Information Assurance Compliance Analyst
- Junior SOC Analyst
- Junior Program Analyst
- Junior Program Analyst
- SOC Tier 2 Analyst
- Cyber Incident Response Analyst / SOC Analyst
- Junior Monitoring Analyst
- Security Analyst I
- Jr. Vulnerability Analyst
- Global Information Security SOC Team Lead
- Program Analyst
-
The candidate must have one year of work experience in the network administration or security domain.
-
This work experience must be verifiable through the application process.
-
If the candidate attends official EC-Council training (through an accredited center or via EC-Council), the requirement to prove work experience may be waived
- Understand the principles of security management and identify the role of security operations in effective security management
- Discuss Security Operations Center (SOC) and analyze its importance, capabilities, and functions.
- Describe the SOC workflow flow and identify the People, Process and Technology involved in SOC
- Compare different SOC models and their respective advantages and disadvantages
- Explain the concept of SOC maturity models and evolution of SOC
- Identify KPI's, challenges and implement best practices for effective SOC operations and management
- Understand Cyber threats and its impact on Cyber Security
- Understand Network Attack Tactics, Techniques, and Procedures (TTPs)
- Understand Host Attack Tactics, Techniques, and Procedures (TTPs)
- Understand Application Attack Tactics, techniques, and Procedures (TTPs)
- Understand Social Engineering Attack Tactics, Techniques, and Procedures (TTPs)
- Understand Email Attack Tactics, Techniques, and Procedures (TTPs)
- Understand Insider Attack Tactics, Techniques, and Procedures (TTPs)
- Understand and Recognize the Indicators of Compromise (IoCs) of Various Attacks
- Understanding Attack Methodology and Frameworks
- Understand Log Management its importance and approaches
- Understand and Analyze Local Logging Practices: Windows, Linux and Mac Logs
- Understand and Analyze Local Logging Practices: Firewall and Router Logs
- Understand and Analyze Local Logging Practices: Web Server, Database, Email
- Understand and Implement Centralized Logging
- Understand the Importance and Architecture of Security Information and Event Management (SIEM)
- Understand Types of SIEM Solutions and their advantages and Disadvantages
- Understand Deploying a SIEM solution
- Understand SIEM Use case Management
- Learn Incident Detection with SIEM
- Understand the use of AI for generating SIEM rule
- Understand Handling Alert Triaging and Analysis
- Understand Visualization and Dashboard Management in SOC
- Understand SOC Reports
- Learn Fundamental Concepts of Threat Intelligence
- Understand Types and Strategies of Threat Intelligence
- Understand the Various Threat Intelligence Sources
- Understand Threat Intelligence Platforms (TIP)
- Understanding Threat Intelligence-Driven SOC and Its Benefits to SOC Team
- Demonstrate the Use of Threat Intelligence Use Cases to Enhance Incident Response
- Understand Threat Hunting and its Significance
- Understand Threat Hunting Frameworks
- Demonstrate Threat Hunting using PowerShell, Yara, and Threat Hunting Tools
- Understand about Incident Response
- Learn Various Phases in Incident Response Process
- Learn to Responding to Network Security Incidents
- Learn to Responding to Application Security Incidents
- Learn to Responding to Email Security Incidents
- Learn to Respond to Insider Incident
- Learn to Respond to Malware Incidents
- Understanding the Role of SOC Playbooks in Incident Response
- Understand Enhanced Incident Response using Endpoint Detection and Response (EDR) / Extended Detection and Response (XDR)
- Understand about Forensic Investigation
- Investigating Network Security Incidents
- Learn to Investigate Application Security Incidents
- Learn to Investigate Email Security Incidents
- Learn to Investigate Insider Incidents
- Understand Malware Analysis
- Learn to Perform Static Malware Analysis
- Learn to Perform Dynamic Malware Analysis
- Introduction to Cloud SOC
- Understand Azure SOC Architecture, Microsoft Sentinel and Security Tools
- Understand AWS SOC Architecture, AWS Security Hub and security tools
- Understand Google Cloud Platform (GCP) SOC Architecture, Security Command Center, Chronicle and security tools