Cyber security operations center analyst
Security-related risks are reduced by 70% when businesses invest in cyber security training and awareness.
This course is designed to produce cyber security professionals who can help deter threats with strong cyber skill-sets, and to encourage and impart awareness of the ever-changing and evolving cyber security domain.
A security operations center (SOC) is a centralized unit capable of handling the security issues an enterprise may come across. This unit can operate as part of the enterprise IT security team or from a secure, remote location. The SOC employs multiple security devices and operations that work together to analyze and deal with security incidents. The SOC is driven by industry-certified professionals, including seasoned and trained engineers. The Security Operations Centre (SOC) Analysis program brings together a wide variety of modules, such as cyber threats, intelligence analysis, analytics, and the techniques used to extract the right kind of information at the right time in a typical SOC setup.
OBJECTIVE
- Understand how different devices generate logs and how to preserve the evidence.
- Understand the behaviour of different network devices such as switches, routers and firewalls, and how they generate logs.
- Learn the techniques for ingesting the various logs into a SIEM tool.
- Gain in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviour, the cyber kill chain, SOC processes, procedures, technologies, and automation workflows.
- Understand the MITRE ATT&CK Framework; be able to identify attacker tactics, techniques, and procedures (TTPs), investigate indicators of compromise (IOCs), and provide automated or manual responses to eliminate the attack or incident.
- Understand the SOC and its processes, roles, responsibilities and implementation models.
- Be able to monitor and work on alerts generated from various log sources, e.g. IDS/IPS, AV, EDR, firewall, network monitoring applications, etc.
- Gain in-depth knowledge of the latest defense technologies used in next-generation SOC deployments, e.g. NGAV, SIEM, EDR, SOAR, TI, UEBA, IAM/PAM, etc.
- Gain knowledge of incident response methodology and processes, in-depth knowledge of how to integrate SOC processes with incident response processes, and learn how to automate them as a single workflow.
- Understand the concepts of threat intelligence and gain in-depth knowledge of how to integrate threat intelligence with the SIEM, SOAR, EDR and other SOC technologies to reduce the mean time to detect (MTTD) and mean time to respond (MTTR).
- Hands-on labs for various technologies such as Windows, Linux, firewalls, IDS/IPS and SIEM solutions.
- 5+ real-time SOC setups to strengthen your skills with real-time practice.
COURSE TOPICS
| Topic | Sub topic | Details |
|---|---|---|
| System Essentials | Windows Basics | Installation of Windows Server |
| | | Introduction to Active Directory |
| | | Server roles: DHCP, DNS, web server |
| | | Windows log analysis |
| | Linux Basics | Installation of Linux |
| | | Understanding the Linux architecture |
| | | Linux users and groups |
| | | Linux log analysis |
| Networking essentials | OSI layers | Layer-wise attack surface |
| | Basics of firewalls | Firewall zones |
| | | Next-gen firewall, web application firewall |
| | IDS/IPS | How to configure and deploy Suricata |
| | | Installing Suricata |
| | | Configuring Suricata |
| | | Testing Suricata |
| Vulnerability assessment | Nessus & RAPID scanner | What is vulnerability assessment |
| | | How to do a vulnerability assessment |
| | | Manual assessment vs automated assessment |
| | | Introduction to the Nessus scanner |
| | | Installing the Nessus scanner |
| | | Performing the scans |
| | | Reporting |
| | | Introduction to the RAPID scanner |
| | | Installing the RAPID scanner |
| | | Performing the scans |
| | | Reporting |
| SOC operations | Cybersecurity basics | CIA triad |
| | Security Operations and | Understand the SOC Fundamentals |
| | | Discuss the Components of SOC: People, Processes and Technology |
| | | Understand the Implementation of SOC |
| | Understanding Cyber Threats, IoCs, and Attack Methodology | Describe the terms Cyber Threats and Attacks |
| | | Understand Network-Level Attacks |
| | | Understand Host-Level Attacks |
| | | Understand Application-Level Attacks |
| | | Understand Indicators of Compromise (IoCs) |
| | | Discuss the Attacker's Hacking Methodology |
| | Incidents, Events, and Logging | Understand the Fundamentals of Incidents, Events and Logging |
| | | Explain the Concepts of Local Logging |
| | | Explain the Concepts of Centralized Logging |
| | Incident Detection with | Understand the Basic Concepts of Security Information and Event Management (SIEM) |
| | | Discuss the Different SIEM Solutions |
| | | Understand SIEM Deployment |
| | | Learn Different Use Case Examples for Application-Level Incident Detection |
| | | Learn Different Use Case Examples for Insider Incident Detection |
| | | Learn Different Use Case Examples for Network-Level Incident Detection |
| | | Learn Different Use Case Examples for Host-Level Incident Detection |
| | | Learn Different Use Case Examples for Compliance |
| | | Understand the Concept of Alert Triage and Analysis |
| | Enhanced Incident Detection | Learn Fundamental Concepts of Threat Intelligence |
| | | Learn the Different Types of Threat Intelligence |
| | | Understand How a Threat Intelligence Strategy is Developed |
| | | Learn the Different Sources from which Threat Intelligence can be Obtained |
| | | Learn Different Threat Intelligence Platforms (TIPs) |
| | | Understand the Need for a Threat Intelligence-driven SOC |
| | Incident Response | Understand the Fundamental Concepts of Incident Response |
| | | Learn the Various Phases of the Incident Response Process |
| | | Learn How to Respond to Network Security Incidents |
| | | Learn How to Respond to Application Security Incidents |
| | | Learn How to Respond to Email Security Incidents |
| | | Learn How to Respond to Insider Incidents |
| | | Learn How to Respond to Malware Incidents |
| SIEM tools | QRadar | Introduction to QRadar & how it works |
| | | How to install and configure the QRadar Community Edition |
| | | How to onboard different devices to QRadar (Windows, Linux, firewalls) |
| | | Log analysis |
| | | Incident management |
| | | Creating custom detection rules |
| | | Generating reports |
| | Splunk | What is Splunk & how it works |
| | | How to install and configure Splunk Enterprise |
| | | How to onboard different devices to Splunk (Windows, Linux, firewalls) |
| | | Log analysis & incident management |
| | | Creating custom detection rules |
| | | Generating reports |
| | Wazuh | What is Wazuh & how it works |
| | | How to install and configure the Wazuh SIEM |
| | | How to onboard different devices to Wazuh (Windows, Linux, firewalls) |
| | | Log analysis & incident management |
| | | Creating custom detection rules |
What we have for you
- A web-based learning management portal to access the recorded sessions and perform the exercises. URL: EDUNXT (sslp.in)
- Plenty of exercises, practice tests and mock interview sessions
- Attractive internships for freshers, along with 100% job placement assistance
- Job references for experienced candidates
Course duration
80-90 days (Monday to Friday)
Course Entry requirements
You will not be tested on these requirements for enrolment. However, we emphasize that without background knowledge it will be difficult to keep up with the material covered throughout the course, and even more challenging to pass the exams and assignments. The following are expected:
- Prior knowledge of IT: operating systems and networking
- Passing an admission interview
- Good command of the English language
- A computer with the following configuration: Core i5 or equivalent processor, 16 GB RAM and 500 GB of free disk space
Fees and admission process
- The course fee will be 20,000/- (+18% GST)
Course registration form URL: https://forms.gle/n7MvsACGffYbStFL9