SOC Analyst Training
⏰24 hours | ▶️ 24 Videos | 📣 8262 Participants | 🎓 3950 Reviews | 4.8 ⭐⭐⭐⭐⭐
Choose a Plan that Works for You
Self Paced
Unlimited Access- Advanced sessions
- Interview Q&A
- Free study Materials
- Premium Technical support
Instructor Led Live Training
Unlimited Access- Live Instructor
- Advanced sessions
- Interview Q&A
- Premium Technical Support
Corporate Training
Unlimited Access- Live Instructor
- Advanced sessions
- Interview Q&A
- Premium Technical Support
Upcoming Batches PST
Weekday
Dec 11(1 HR A DAY) |
07:00 PM PST |
Enroll Now → |
Weekday
Dec 27(1 HR A DAY) |
07:00 AM PST |
Enroll Now → |
Weekend
Dec 28(1 HR A DAY) |
07:00 PM PST |
Enroll Now → |
Upcoming Batches IST
Weekday
Dec 12(1 HR A DAY) |
07:30 AM IST |
Enroll Now → |
Weekday
Dec 27(1 HR A DAY) |
07:30 PM IST |
Enroll Now → |
Weekend
Dec 29(1 HR A DAY) |
07:30 AM IST |
Enroll Now → |
Course Description
Security operation center (SOC) analyst training provides knowledge on security information management and security event management.
Security analysts needed to know information technology security tools and their functions, moral knowledge on software and hardware tools.
Our course includes IT security, cybersecurity, cloud security, big data concepts, and the internet of crucial remedies to be a SOC analyst.
Get enrolled with our online classes and learn the fundamental requirements of a security operation center analyst with 24/7 tech support.
Acquire hands-on experiments under our trainer and get practiced on the different security tools.
Build a roadmap for cracking the SOC certification exam and drive towards your dream job as a SOC analyst.
Features
✅Lifetime access | ✅Lifetime video access |
✅Real-time case studies | ✅The project integrated into the Curriculum |
✅24*7 Support from our team of administrators |
Course Content
1.Security Operations Centre
- Building a successful SOC
- Functions of SOC
- Heart of SOC- SIEM
- Gartner’s magic quadrant
- SIEM guidelines and architecture
ELK Stack:
- Introduction and an overview of Elastic SIEM
- User interface
- How to as a part of alert investigations or interactive threat hunting
- MDR vs. Traditional SIEM; and other various solutions
- Elastic search: Understanding of Architecture, curator fundamentals
- Index template for routing, mapping
- KIBANA: Configuration, policies, visualization
- Deep-dive of Log architecture, parsing, alerts
SecurityOnion
- What is Security Onion?
- Monitoring and analysis tools
- Security Onion Architecture
- Deployment types
- Installing a Standalone server: checking system services with sostat, security onion with web browser tools, security onion terminal
- Replaying traffic on a standalone server
Splunk In-Depth
- Industrial requirements of Splunk in various fields
- Splunk terminologies, search processing language, and various industry use cases AlienVault OSSIM fundamentals
- AlienVault fundamentals and architecturedeployment
- Vulnerability scanning & monitoring with OSSIM
Introduction to QRadar
- IBM QRadar SIEM component architecture and data flows
- Using the QRadar SIEM User Interface
Fun with logs
- Working with offense triggered by events
- Working with offense triggered by flows
Monitoring
- Monitor QRadar Notifications and error messages.
- Monitor QRadar performance
- Review and interpret system monitoring dashboards.
- Investigate suspected attacks and policy breaches
- Search, filter, group, and analyze security data
Tools exposure provided in the above section:
- SecurityOnion
- ELK Stack
- SGUILD
- Wireshark
- Splunk
- AlienVault OSSIM
- IBM Qradar CE
2.Digital Forensics
- Section Introduction
- What is Digital Forensics?
- Collecting evidence typically related to cybercrime
- Digital Subject Access Requests
- Computer Forensics Process
- Identification, Preservation, collection, examination, analysis, reporting
- Working with Law Enforcement
- The difference between an internal security issue and one that requires external assistance
2. Forensics Fundamentals Section Introduction
- Introduction to Data Representation hexadecimal, octal, binary files vs. txt files, timestamp formats: UNIX epoch, MAC, Chrome, Windows, FILETIME
- Hard Drive Basics
- Platters, sectors, clusters, slack space
- SSD Drive Basics
- garbage, collection, TRIM, wear leveling
- File Systems
- FAT16, FAT32, NTFS, EXT3/EXT4, HFS+/APFS
- Metadata & File Carving
- Memory, Page File, and Hibernation File
- Order of Volatility
3. Evidence Forms
- Section Introduction
- Volatile Evidence
- Memory RAM, Cache, Registers content, Routing tables, ARP cache, process table,kernel statistics, temporary filesystem/swap space
- Disk Evidence
- Data on Hard Disk or SSD
- Network Evidence
- Remotely Logged Data, Network Connections/Netflow, PCAPs, Proxy logs
- Web & Cloud Evidence
- Cloud storage/backups, chat rooms, forums, social media posts, blog posts
- Evidence Forms
- Laptops, desktops, phones, hard drives, tablets, digital cameras, smartwatches, GPS
4. Chain of Custody
- Section Introduction
- What is the Chain of Custody?
- Why is it Important?
- In regard to evidence integrity and examiner authenticity
- Guide for Following the Chain of Custody
- evidence collection, reporting/documentation, evidence hashing, write-blockers, working on a copy of original evidence
5. Windows Investigations
- Section Introduction
- Artifacts
- Registry, Event Logs, Prefetch, .LNK files, DLLs, services, drivers, common malicious locations, schedules tasks, start-up files
- Limitations
- Example Investigations
6. *nix Investigations
- Section Introduction
- Artefacts
- Limitations
- Example Investigations
- Artefact Collection
- Section Introduction
- Equipment
- non-static bags, faraday cage, labels, clean hard drives, forensic workstations,
Disk imagers, hardware write blockers, cabling, blank media, and photographs
- Tools
- Wireshark, Network Miner, and others
- ACPO Principles
- Live Forensics
- Fast acquisition of key files
- How to Collect Evidence
- Laptops, desktops, phones, hard drives, tablets, websites, forum posts, blog posts, social media posts, chat rooms
- Types of Hard Drive Copies visible data, bit for bit, slackspace
7. Live Forensics
- Section Introduction
- Live Acquisition
- What is a live acquisition/live forensics? Why is it beneficial?
- Products
- Carbon Black, Encase, memory analysis with agents, Custom Scripts
- Potential Consequences
- Damaging or modifying evidence making it invalid
8. Post-Investigation
- Section Introduction
- Report Writing
- Evidence Retention
- Legal retention periods, internal retention periods
- Evidence Destruction
- Overwriting, degaussing, shredding, wiping
- Further Reading
9. Tools exposure provided in the above section:
- Command-LINE for Windows / Linux
- FTK IMAGER
- MAGNATE RAM CAPTURE
- AUTOPSY
- Volatility
- Volatility WorkBench
- ENCASE
3.Incident Response Domain
- What is Incident Response?
- Why is IR Needed?
- Security Events vs. Security Incidents
- Incident Response Lifecycle – NIST SP 800 61r2
- What is it, why is it used
- Lockheed Martin Cyber Kill Chain
- What is it, why is it used
- MITRE ATT&CK Framework
- What is it, why is it used
2. Preparation
- Incident Response Plans, Policies, and Procedures
- The Need for an IR Team
- Asset Inventory and Risk Assessment to Identify High-Value Assets
- DMZ and Honeypots
- Host Defenses
- HIDS, NIDS
- Antivirus, EDR
- Local Firewall
- User Accounts
- GPO
- Network Defenses
- NIDS
- NIPS
- Proxy
- Firewalls
- NAC
- Email Defenses
- Spam Filter
- Attachment Filter
- Attachment Sandboxing
- Email Tagging
- Physical Defenses
- Deterrents
- Access Controls
- Monitoring Controls
- Human Defenses
- Security Awareness Training
- Security Policies
- Incentives
3. Detection and Analysis
- Common Events and Incidents
- Establishing Baselines and Behavior Profiles
- Central Logging (SIEM Aggregation)
- Analysis (SIEM Correlation)
4. Containment, Eradication, Recovery
- CSIRT and CERT Explained
- What are they, and why are they useful?
- Containment Measures
- Network Isolation, Single VLAN, Powering System(s) Down, Honeypot Lure
- Taking Forensic Images of Affected Hosts
- Linking Back to Digital Forensics Domain
- Identifying and Removing Malicious Artefacts
- Memory and disk analysis to identify artefacts and securely remove them
- Identifying Root Cause and Recovery Measures
5. Lessons Learned
- What Went Well?
- Highlights from the Incident Response
- What could be improved?
- Issues from the Incident Response, and How These Can be addressed
- Important of Documentation
- Creating Runbooks for Future Similar Incidents, Audit Trail
- Metrics and Reporting
- Presenting Data in Metric Form
- Further Reading
6. Tools exposure provided in the above section:
- SYSINTERNAL SUITE
- Hash Calculator
- Online Sources
- CyberChef
- Wireshark
- Network Minor
4.Threat Intelligence Domain
- Threat Intelligence Explained
- What is TI, why is it used?
- Why Threat Intelligence can be Valuable
- Situational awareness, investigation enrichment, reducing the attack surface
- Criticisms/Limitations of Threat Intelligence
- Attribution issues, reactive nature, old IOCs, false-positive IOCs
- The Future of Threat Intelligence
- Tenable Predictive Prioritization (mixing threat intel with vulnerability management data to calculate dynamic risk scores)
- Types of Intelligence
- SIGINT, OSINT, HUMINT, GEOINT
2. Threat Actors
- Common Threat Agents
- Cybercriminals, hacktivists, insider threats, nation-states
- Motivations
- Financial, social, political, other
- Skill Levels/Technical Ability
- Script Kiddies, Hackers, APTs
- Actor Naming Conventions
- Animals, APT numbers, other conventions
- Common Targets
- Industries, governments, organizations
3. Advanced Persistent Threats
- What are APTs?
- What makes an APT? Real-world examples of APTs + their operations
- Motivations for Cyber Operations
- Why APTs do what they do (financial, political, social)
- Tools, Techniques, Tactics
- What do APTs actually do when conducting operations
- Custom Malware/Tools
- Exploring custom tools used by APTs, why they’re used
- Living-off-the-land Techniques
- What LOTL is, why it’s used, why it can be effective
- Operational Intelligence
- Indicators of Compromise Explained & Examples
- What IOCs are, how they’re generated and shared, using IOCs to feed defenses
- Precursors Explained & Examples
- What precursors are, how they’re different from IOCs, how we monitor them
- TTPs Explained & Examples
- What TTPs are, why they’re important, using to maintain defences (preventative)
- MITRE ATT&CK Framework
- Framework explained and how we map cyber-attacks, real-world example
- Lockheed Martin Cyber Kill Chain
- Framework explained and how we map cyber-attacks, real-world example
- Attribution and its Limitations
- Why attribution is hard, impersonation, sharinginfrastructure, copy-cat attacks
5. Tactical Threat Intelligence
- Threat Exposure Checks Explained
- What TECs are, how to check your environment for the presence of bad IOCs
- Watchlists/IOC Monitoring
- What are watchlists, how to monitor for IOCs (SIEM, IDPS, AV, EDR, FW)
- Public Exposure Assessments
- What PEAs are, how to conduct them, google dorks, harvester, social media
- Open-Web Information Collection
- How OSINT data is scraped, why it’s useful
- Dark-Web Information Collection
- How intel companies scrape dark web intel, why it’s useful, data breach dumps, malicious actors on underground forums, commodity malware for sale
- Malware Information Sharing Platform (MISP)
- What is MISP, why is it used, how to implement MISP
Tools exposure provided in the above section:
- AlienVAULT OTX
- MITRE & ATTACK
- MISP
- Maltego
- ONLINE SOURCES
6. Strategic Threat Intelligence
- Intelligence Sharing and Partnerships
- Why sharing intel is important, existing partnerships, US-CERT, NCCIC, NCSC, ISACs
- IOC/TTP Gathering and Distribution
- Campaign Tracking & Situational Awareness
- Why we track actors, why keeping the team updated is important
- New Intelligence Platforms/Toolkits
- Undertaking proof-of-value demos to assess the feasibility of new tooling
- OSINT vs. Paid-for Sources
- Threat Intelligence Vendors, Public Threat Feeds, National Vulnerability Database, Twitter
7. Malware and Global Campaigns
- Types of Malware Used by Threat Actors
- Trojans, RATs, Ransomware, Back- doors, Logic Bombs
- Globally recognized Malware Campaigns
- Emotet, Magecart, IcedID, Sodinikobi, Trickbot, Lokibot
8. Further Reading
- Further Reading Material
- Links to more resources that students may find helpful.
FAQ’s
❓ Do you offer any discount/offer?
✅ Yes, offers keep changing from time to time. You can chat with us or call our training coordinator for more details.
❓ Is there any demo video which I can watch before enrolling to the course?
✅ Yes, we have provided a Demo video section on each course page so that you can get a glimpse into the course you want to enroll.
❓ How soon after signing up would I get access to the learning content?
✅ Yes, we will provide access to all the learning materials after the complete payment for the course.
Related Blogs
Drop US a Query
Suggested Courses
MuleSoft Training
⭐⭐⭐⭐⭐
😃 221 Learners
Pega Training
⭐⭐⭐⭐⭐
😃 391 Learners
Rpa Training
⭐⭐⭐⭐⭐
😃 106 Learners
WorkDay Training
⭐⭐⭐⭐⭐
😃 158 Learners
A few of our students
Contact Us