Certified SOC Analyst
Certified SOC Analyst training covers the roles and responsibilities of the L1, L2 and L3 teams. The SOC team is mainly responsible for the ongoing, operational component of enterprise information security. Security operations center staff is comprised primarily of security analysts who work together to detect, analyze, respond to, report on, and prevent cybersecurity incidents. Additional capabilities of some security operations centers can include advanced forensic analysis, cryptanalysis, and malware reverse engineering to analyze incidents.
Learn detailed methodologies of incident response and incident management with our Security Operations Center training. With SOC training we cover a wide range of SIEM methodologies as used by organizations, log analysis, vulnerability scanning techniques, and various industry-oriented use cases with Splunk and OSSIM.
REAL LIFE CASE STUDIES
INDUSTRY DRIVEN CERTIFICATION
STUDENT LEARNING KIT
- SOC models, SOC types, and organizational positioning
- SOC budgeting and planning of scope
- SOC Implementation Model, The Library of Cyber Resilience Metrics, NIST NICE
- SOC Maturity Model and SOC-CMM tool
- Business drivers, Customers, Charter, Governance, Privacy
- Roles and hierarchy of teams
- SOC management, Operations, and facilities, Reporting, Use case management
- SOC- Core Technologies: SIEM, IDPS, Analytics, and SOAR
- SOC Services: Security Monitoring, Incident Response, Security Analysis, Threat Intelligence, Threat Hunting, Vulnerability Management, Log Management
- TCP/IP stack model & Networking primer
- Windows internals
- Active Directory fundamentals & Logs
- Virtualization, orchestration & network designs
- Vulnerability detection products
- Nessus vulnerability scanning & management
- Wireshark Exploring the Stacks
- System hardening and audits of firewalls, VPN, routers, switches, DLP, IDS and IPS
- Data Collection Strategies: Log content, use cases & SIEM rules, Threat-based & business requirement-based logging, log retention
- Logs and Log Collection: Mechanisms, Syslog, Agents, File-based logging, Log formats, Indexing, and log normalization, log parsing, Regular expressions, Anchors, Repetitions
- AlienVault fundamentals and architecture deployment.
- Vulnerability scanning & monitoring with OSSIM.
- What is Security Onion?
- Monitoring and analysis tools
- Replaying traffic on a standalone server
- Splunk configuration, customization and implementation
- Selecting the right Plan for the organization
- SPL language primer
- Log parsing and filtering
- Building Dashboards
- Monitoring and alerting on vulnerabilities
- Implementing Elastic SIEM
- Visualizations with Kibana
- KQL language primer
- logstash and collections
- Building Dashboards with ELK
- hunting and monitoring anomaly with ELK SIEM
- Understanding the need for QRadar vs other SIEMs
- Customizing the configurations
- Understanding the architecture
- Working with log collection
- Mapping the vulnerabilities with QRadar
- AQL language for blue teams
- Developing and customizing rules
- Threat Intelligence types, protocols & standards, feeds, platforms
- ISACs and other communities, Chatham House Rule
- CTI process, CTI infrastructure management
- CTI skills: NIST NICE – CTI Analyst
- Cyber Kill Chain versus MITRE ATT&CK and PRE-ATT&CK Frameworks
- Lockheed Martin Cyber Kill Chain
- OODA loop, Diamond model of intrusion analysis.
- MaGMa, MaGMa UCF Tool
- SIGINT, OSINT, HUMINT, GEOINT
- Threat and APT motivations
- Tools, Techniques, Tactics
- Living-off-the-land Techniques
- Operational Intelligence
- What precursors are, how they differ from IOCs, and how we monitor them
- What TTPs are, why they are important, and how to use them to maintain preventative defenses
- Tactical Threat Intelligence
- Threat Exposure Checks, how to check your environment for the presence of bad IOCs
- What watchlists are, and how to monitor for IOCs (SIEM, IDPS, AV, EDR, FW)
- Public Exposure Assessments, google dorks, harvester, social media
- Open-Web Information Collection
- How intel companies scrape dark web intel, why it’s useful, data breach dumps, malicious actors on underground forums, commodity malware for sale
- Malware Information Sharing Platform (MISP)
- Strategic Threat Intelligence
- What IOCs are, how they’re generated and shared, using IOCs to feed defenses
- Why sharing intelligence is important; existing partnerships: US-CERT, NCCIC, NCSC, ISACs
- IOC/TTP Gathering and Distribution
- Campaign Tracking & Situational Awareness
- OSINT vs. Paid-for Sources
- Threat Intelligence Vendors, Public Threat Feeds, National Vulnerability Database, Twitter
- What is Incident Response?
- Why is IR Needed?
- Security Events vs. Security Incidents
- Incident Response Lifecycle – NIST SP 800-61r2
- What is it, why is it used?
Preparation: Planning and Procedures
- Incident Response Plans, Policies, and Procedures
- The Need for an IR Team
- Asset Inventory and Risk Assessment to Identify High-Value Assets
- DMZ and Honeypots
- Host-based Defenses
- HIDS, NIDS
- Antivirus, EDR
- Local Firewall
- User Accounts
- Network-based Defenses
- Email Defenses and techniques
- Spam Filter
- Attachment Filter
- Attachment Sandboxing
- Email Tagging
- Physical Defenses
- Access Controls
- Monitoring Controls
- Human Defenses
- Security Awareness Training
- Security Policies
Detection and Analysis
- Common Events and Incidents
- Establishing Baselines and Behavior Profiles
- Central Logging (SIEM Aggregation)
- Analysis (SIEM Correlation)
Containment, Eradication, Recovery
- CSIRT and CERT Explained
- Containment Measures
- Network Isolation, Single VLAN, Powering System(s) Down, Honeypot Lure
- Taking Forensic Images of Affected Hosts
- Linking Back to Digital Forensics Domain
- Identifying and Removing Malicious Artefacts
- Memory and disk analysis to identify artifacts and securely remove them
- Identifying Root Cause and Recovery Measures
- What Went Well?
- Highlights from the Incident Response
- What Could be Improved?
- Issues from the Incident Response, and How These Can be Addressed
- Importance of Documentation
- Creating Runbooks for Future Similar Incidents, Audit Trail
- Metrics and Reporting
- Presenting Data in Metric Form
- Further Reading
Who should attend this training?
Why should I take this training?
Technology is growing every day, but with the growing dependency on technology, cyber frauds and attacks have also increased. To defend yourself and your business, this training is the best-suited entry point into this domain.
What are the prerequisites for the training?
The person should be familiar with basic computer operations.
What is the duration of the training?
It is an instructor-led online training, and the total duration of the training is 45 hours.
For more info on Certified SOC Analyst, kindly connect with