Cyber security operations center analyst

Security-related risks are reduced by 70% when businesses invest in cyber security training and awareness

This course is designed to create cyber security professionals who help deter threats with strong cyber skill-sets, and to encourage and impart awareness of the ever-changing and evolving cyber security domain.

A security operations center (SOC) is a centralized unit capable of handling the security issues that an enterprise may come across. This unit can operate as part of the enterprise IT security team or from a secure, remote location. The SOC employs multiple security devices and operations that work together to analyze and deal with security incidents. The SOC unit is driven by industry-certified professionals, including seasoned and trained engineers. The Security Operations Centre (SOC) Analysis program brings together a wide variety of modules such as cyber threats, intelligence analysis, analytics and the techniques employed to extract the right kind of information at the right time in a typical SOC setup.

OBJECTIVE

  • Understand how different devices generate logs and preserve evidence
  • Understand the behaviour of network devices such as switches, routers and firewalls, and how they generate logs.
  • Learn the techniques for ingesting the various logs into a SIEM tool
  • Gain in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviour, the cyber kill chain, SOC processes, procedures, technologies, and automation workflows.
  • Understand the MITRE ATT&CK Framework and be able to identify attacker tactics, techniques, and procedures (TTPs) to investigate indicators of compromise (IOCs) and provide automated/manual responses to eliminate the attack/incident.
  • Understand the SOC and its processes, roles, responsibilities and implementation models
  • Be able to monitor and work on alerts generated from various log sources, e.g. IDS/IPS, AV, EDR, firewalls, network monitoring applications, etc.
  • Gain in-depth knowledge of the latest defence technologies used in next-generation SOC deployments, e.g. NGAV, SIEM, EDR, SOAR, TI, UEBA, IAM/PAM, etc.
  • Gain knowledge of incident response methodology and processes, in-depth knowledge of how to integrate SOC processes with incident response processes, and learn how to automate them as a single workflow.
  • Understand the concepts of threat intelligence and gain in-depth knowledge of how to integrate threat intelligence with SIEM, SOAR, EDR and other SOC technologies to reduce mean time to detect (MTTD) and mean time to respond (MTTR).
  • Hands-on labs for various technologies such as Windows, Linux, firewalls, IDS/IPS and SIEM solutions
  • 5+ real-time SOC setups to strengthen your skills with real-time

COURSE TOPICS

System Essentials
  • Windows Basics
    • Installation of Windows Server
    • Introduction to Active Directory
    • Server roles – DHCP, DNS, web server
    • Windows log analysis
  • Linux Basics
    • Installation of Linux
    • Understanding the Linux architecture
    • Linux users and groups
    • Linux log analysis

Networking Essentials
  • OSI layers
  • Layer-wise attack surface
  • Basics of firewalls
  • Firewall zones
  • Next-generation firewall, web application firewall

IDS/IPS
  • How to configure and deploy Suricata
    • Installing Suricata
    • Configuring Suricata
    • Testing Suricata

Vulnerability Assessment
  • Nessus & RAPID scanner
    • What is vulnerability assessment
    • How to do a vulnerability assessment
    • Manual assessment vs automated assessment
    • Introduction to the Nessus scanner
    • Installing the Nessus scanner
    • Performing the scans
    • Reporting
    • Introduction to the RAPID scanner
    • Installing the RAPID scanner
    • Performing the scans
    • Reporting

SOC Operations
  • Cybersecurity basics
    • CIA triad
  • Security Operations and Management
    • Understand the SOC fundamentals
    • Discuss the components of a SOC: people, processes and technology
    • Understand the implementation of a SOC
  • Understanding Cyber Threats, IoCs, and Attack Methodology
    • Describe the terms cyber threats and attacks
    • Understand network-level attacks
    • Understand host-level attacks
    • Understand application-level attacks
    • Understand indicators of compromise (IoCs)
    • Discuss the attacker's hacking methodology
  • Incidents, Events, and Logging
    • Understand the fundamentals of incidents, events and logging
    • Explain the concepts of local logging
    • Explain the concepts of centralized logging
  • Incident Detection with Security Information and Event Management (SIEM)
    • Understand the basic concepts of Security Information and Event Management (SIEM)
    • Discuss the different SIEM solutions
    • Understand SIEM deployment
    • Learn different use case examples for application-level incident detection
    • Learn different use case examples for insider incident detection
    • Learn different use case examples for network-level incident detection
    • Learn different use case examples for host-level incident detection
    • Learn different use case examples for compliance
    • Understand the concept of alert triage and analysis
  • Enhanced Incident Detection with Threat Intelligence
    • Learn the fundamental concepts of threat intelligence
    • Learn the different types of threat intelligence
    • Understand how a threat intelligence strategy is developed
    • Learn the different threat intelligence sources from which intelligence can be obtained
    • Learn about different threat intelligence platforms (TIPs)
    • Understand the need for a threat intelligence-driven SOC
  • Incident Response
    • Understand the fundamental concepts of incident response
    • Learn the various phases of the incident response process
    • Learn how to respond to network security incidents
    • Learn how to respond to application security incidents
    • Learn how to respond to email security incidents
    • Learn how to respond to insider incidents
    • Learn how to respond to malware incidents

SIEM Tools
  • QRadar
    • Introduction to QRadar and how it works
    • How to install and configure the QRadar Community Edition
    • How to onboard different devices to QRadar (Windows, Linux, firewalls)
    • Log analysis
    • Incident management
    • Creating custom detection rules
    • Generating reports
  • Splunk
    • What is Splunk and how it works
    • How to install and configure Splunk Enterprise
    • How to onboard different devices to Splunk (Windows, Linux, firewalls)
    • Log analysis and incident management
    • Creating custom detection rules
    • Generating reports
  • Wazuh
    • What is Wazuh and how it works
    • How to install and configure the Wazuh SIEM
    • How to onboard different devices to Wazuh (Windows, Linux, firewalls)
    • Log analysis and incident management
    • Creating custom detection rules
  • RAPID

What we have for you

  • A web-based learning management portal to access the recorded sessions and perform the exercises. URL: EDUNXT (sslp.in)
  • Plenty of exercises, practice tests and mock interview sessions
  • Attractive internships for freshers, along with 100% job placement assistance
  • Job references for experienced candidates

Course duration

80-90 days (Monday to Friday)

Course Entry requirements

You will not be tested on these requirements for enrolment. However, we emphasize that without background knowledge it will be difficult to keep up with the material covered throughout the course, and even more challenging to pass the exams and assignments. The following are expected:

  • Prior knowledge of IT: operating systems and networking
  • Passing an admission interview
  • Good command of the English language
  • A computer with the following configuration: Core i5 or equivalent processor, 16 GB RAM and 500 GB of free disk space.

Fees and admission process

  • The course fee is 20,000/- (+18% GST)

Course registration form URL: https://forms.gle/n7MvsACGffYbStFL9