
Certified SOC Analyst

Certified SOC Analyst training covers the roles and responsibilities of the L1, L2 and L3 teams. The SOC team is mainly responsible for the ongoing, operational component of enterprise information security. Security operations center staff consists primarily of security analysts who work together to detect, analyze, respond to, report on, and prevent cybersecurity incidents. Some security operations centers additionally offer advanced forensic analysis, cryptanalysis, and malware reverse engineering to analyze incidents.

Learn detailed methodologies of incident response and incident management with our Security Operations Center training. The SOC training covers a wide range of SIEM methodologies as used by organizations, log analysis, vulnerability scanning techniques, and various industry-oriented use cases with Splunk and OSSIM.


REAL LIFE CASE STUDIES

INSTRUCTOR-LED SESSIONS

INDUSTRY DRIVEN CERTIFICATION

DAILY ASSIGNMENTS

STUDENT LEARNING KIT

Syllabus

Module 1: Certified SOC Analyst Essentials
  • SOC models, SOC types, and organizational positioning
  • SOC budgeting and planning of scope
  • SOC Implementation Model, The Library of Cyber Resilience Metrics, NIST NICE
  • SOC Maturity Model and SOC-CMM tool
  • Business drivers, customers, charter, governance, privacy
  • Roles and hierarchy of teams
  • SOC management, operations and facilities, reporting, use case management
  • SOC core technologies: SIEM, IDPS, analytics, and SOAR
  • SOC services: security monitoring, incident response, security analysis, threat intelligence, threat hunting, vulnerability management, log management

Module 2: OS Baseline Primer
  • TCP/IP stack model & networking primer
  • Windows internals
  • Active Directory fundamentals & logs
  • Virtualization, orchestration & network designs

Module 3: Vulnerability Assessment & Audit
  • Vulnerability detection products
  • Nessus vulnerability scanning & management
  • Wireshark: exploring the stacks
  • System hardening and audits of firewalls, VPNs, routers, switches, DLP, IDS and IPS

Module 4: Understanding the Logs
  • Data collection strategies: log content, use cases & SIEM rules, threat-based & business-requirement-based logging, log retention
  • Logs and log collection: mechanisms, Syslog, agents, file-based logging, log formats, indexing and log normalization, log parsing, regular expressions, anchors, repetitions

Module 5: AlienVault and Security Onion
  • AlienVault fundamentals and architecture deployment
  • Vulnerability scanning & monitoring with OSSIM
  • What is Security Onion?
  • Monitoring and analysis tools
  • Replaying traffic on a standalone server

Module 6: Splunk in Depth
  • Splunk configuration, customization and implementation
  • Selecting the right plan for the organization
  • SPL language primer
  • Log parsing and filtering
  • Building dashboards
  • Monitoring and alerting on vulnerabilities

Module 7: ELK for Organisations
  • Implementing Elastic SIEM
  • Visualizations with Kibana
  • KQL language primer
  • Logstash and log collection
  • Building dashboards with ELK
  • Anomaly hunting and monitoring with ELK SIEM

Module 8: IBM QRadar SIEM in Depth
  • Understanding the need for QRadar vs other SIEMs
  • Customizing the configuration
  • Understanding the architecture
  • Working with log collection
  • Mapping vulnerabilities with QRadar
  • AQL language for blue teams
  • Developing and customizing rules

Module 9: Threat Intelligence, Hunting Strategies & Tactics
  • Threat intelligence types, protocols & standards, feeds, platforms
  • ISACs and other communities, Chatham House Rule
  • CTI process, CTI infrastructure management
  • CTI skills: NIST NICE – CTI Analyst
  • Cyber Kill Chain versus MITRE ATT&CK and PRE-ATT&CK frameworks
  • Lockheed Martin Cyber Kill Chain
  • OODA loop, Diamond Model of intrusion analysis
  • MaGMa, MaGMa UCF tool
  • SIGINT, OSINT, HUMINT, GEOINT
  • Threat and APT motivations
  • Tools, techniques, tactics
  • Living-off-the-land techniques

Module 10: Advanced Threat Intelligence

  • Operational intelligence
    • What precursors are, how they differ from IOCs, and how to monitor them
    • What TTPs are, why they matter, and using them to maintain defenses (preventative)
  • Tactical threat intelligence
    • Threat exposure checks: how to check your environment for the presence of bad IOCs
    • What watchlists are, and how to monitor for IOCs (SIEM, IDPS, AV, EDR, FW)
    • Public exposure assessments: Google dorks, harvester, social media
    • Open-web information collection
    • How intel companies scrape dark web intel and why it is useful: data breach dumps, malicious actors on underground forums, commodity malware for sale
    • Malware Information Sharing Platform (MISP)
  • Strategic threat intelligence
    • What IOCs are, how they are generated and shared, and using IOCs to feed defenses
    • Why sharing intelligence is important; existing partnerships: US-CERT, NCCIC, NCSC, ISACs
    • IOC/TTP gathering and distribution
    • Campaign tracking & situational awareness
    • OSINT vs. paid-for sources
      • Threat intelligence vendors, public threat feeds, National Vulnerability Database, Twitter

Module 11: Incident Response
Introduction to Incident Response

  • What is incident response?
  • Why is IR needed?
  • Security events vs. security incidents
  • Incident response lifecycle – NIST SP 800-61r2
    • What is it, why is it used?

Preparation: Planning and Procedures

  • Incident Response Plans, Policies, and Procedures
  • The Need for an IR Team
  • Asset Inventory and Risk Assessment to Identify High-Value Assets
  • DMZ and Honeypots
  • Host-based Defenses
    • HIDS, NIDS
    • Antivirus, EDR
    • Local Firewall
    • User Accounts
    • GPO
  • Network-based Defenses
    • NIDS
    • NIPS
    • Proxy
    • Firewalls
    • NAC
  • Email Defenses and techniques
    • Spam Filter
    • Attachment Filter
    • Attachment Sandboxing
    • Email Tagging
  • Physical Defenses
    • Deterrents
    • Access Controls
    • Monitoring Controls
  • Human Defenses
    • Security Awareness Training
    • Security Policies
    • Incentives

Detection and Analysis

  • Common Events and Incidents
  • Establishing Baselines and Behavior Profiles
  • Central Logging (SIEM Aggregation)
  • Analysis (SIEM Correlation)

Containment, Eradication, Recovery

  • CSIRT and CERT Explained
  • Containment Measures
    • Network Isolation, Single VLAN, Powering System(s) Down, Honeypot Lure
  • Taking Forensic Images of Affected Hosts
    • Linking Back to Digital Forensics Domain
  • Identifying and Removing Malicious Artefacts
    • Memory and disk analysis to identify artifacts and securely remove them
  • Identifying Root Cause and Recovery Measures

Lessons Learned

  • What Went Well?
    • Highlights from the Incident Response
  • What Could be Improved?
    • Issues from the Incident Response, and How These Can be Addressed
  • Importance of Documentation
    • Creating Runbooks for Future Similar Incidents, Audit Trail
  • Metrics and Reporting
    • Presenting Data in Metric Form
  • Further Reading

Who should attend this training?
  • Freshers
  • Ethical hackers
  • System administrators
  • Network administrators
  • Engineers
  • Web admins
  • Auditors
  • Security professionals

Why should I take this training?

Technology is growing every day, but our dependence on it has also increased cyber fraud and attacks. To defend yourself and your business, this training is the best-suited entry point into this domain.

What is the prerequisite for the training?

The person should be familiar with basic computer operations.

What is the duration of the training?

It is an instructor-led online training, and the total duration of the training is 45 hours.

For more info on Certified SOC Analyst, kindly connect with us.


Testimonials

Today I've completed my one-to-one online training by Mr Naresh sir from Certcube Labs.
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowledgeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 star training. Naresh is the best. He made me Zero to Hero in 3 months' time. A little bit expensive compared to others, but totally worth it.

Ravi

Cyber Security Consultant, Red Hawk

Together, let's create the future.