
Cyber Security

L1 & L2 SOC Analyst Training Course

Course Highlights
• 40 hours of Instructor-led Training
• Access to the Recorded Sessions
• Session for Interview Prep
• Post Training Support
• Weekly review meetings (Post training)


Tools Covered
[Tool logos not reproduced in the extracted text; the graphic ends with "& NAVIGATOR" and "MANY MORE..."]
Why Knowledgeit?
• 40 hours of Instructor-led Training
• Hands-on Labs
• Scenario-based Learning
• Session for Interview Prep
• Career Guidance
• Post Training Support
• Telegram Discussion Group
• Access to the Recorded Sessions
Course Overview
SOC Analysts hold a crucial position in today's security teams: they are on the front lines of cyber defense, identifying and responding to cyber threats as they occur.

The Knowledgeit SOC Analyst training course is created for aspiring and current SOC Analysts who want to learn how to prevent, identify, assess, and respond to cybersecurity threats and incidents. The course is the first level of a series that includes Level 1 - SOC Analyst and Level 2 - SOC Specialist, and is designed to help you master the trending, in-demand technical skills needed to carry out sophisticated SOC activities.

The course begins with the fundamentals of SOC teams and Blue Team operations architecture before moving on to more advanced topics such as digital forensics, incident response, threat intelligence, and SIEM (Security Information and Event Management) solutions.

This training course also helps participants plan their preparation for SOC Analyst certification examinations, which are often expected for the most sought-after positions in a SOC team.
Target Audience
• Technical Support Engineers
• System Administrators
• Security Consultants
• Cyber Security Analysts
• Security System Engineers
• SOC Analysts (L1 & L2)
• Information Security Researchers
• Network Engineers
• Network Architects or Admins
• Entry-level Information Security Roles
• Anyone who wants to become a SOC Analyst

Prerequisites
• Prior knowledge of networking fundamentals, OS basics and troubleshooting is recommended
• Experience in an entry-level SOC Analyst, Cyber Security Analyst or Information Security role
• Two years of experience in the Information Security domain
Course Content
• Domain 1: Security Terminologies, OS Basics & Network Fundamentals
• Domain 2: Blue Team Operations Architecture
• Domain 3: SIEM - Nervous System of SOC
• Domain 4: Importance of Threat Intelligence
• Domain 5: Basics of Incident Response & Forensics
Domain 1: Security Terminologies, OS Basics & Network Fundamentals
• Why do we need Security?
• CIA Triad
• Concept of AAA
• Hacking Concepts
• Types of Hackers
• Domains of Security
• Ethical Hacking Phases
• Types of Attacks
• Network Fundamentals
• NOC vs SOC
• The OSI Model
• Network Devices
• Network Tools – Firewall, IDS, IPS, VPN, Switches, Routers
• Ports and Services
• Conducting a Port Scan with Nmap [Practical]
• Windows Operating System Fundamentals [Practical]
  • Investigating the Windows Operating System
  • Windows Event Logs
  • Windows Registry
  • Scheduled Tasks
  • File Analysis
  • SysInternals Suite
  • Command Prompt
  • Sysmon (System Monitor)
• Linux Operating System Fundamentals [Practical]
  • Linux Directory Services
  • Most useful Linux Commands in SOC
  • Event Logs in Linux
  • Linux System Services
Domain 2: Blue Team Operations Architecture
• Why do we need SOC?
• What is SOC?
• Functions of SOC
• SOC Models & Types
• SOC Teams & Roles
• Incidents vs Events
• True vs False Incident Categories
• Concept of Logging
• Local Logging vs Centralized Logging
• Log Management & Log Analysis
  • Log Management needs
  • Concept of Log Analysis
  • Web Server Logs
  • Firewall Logs
  • SSH Logs
  • Windows Event Logs
  • Using Regex for Log Analysis [Practical]
• SOC Workflow: ITSM Workflow
• ITSM Tools: ServiceNow, JIRA, BMC, Request Tracker, etc.
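Domain 2 lists regex-based analysis of SSH and web-server logs as a practical. The following is an added example, not course material, of what that exercise looks like in Python: it parses OpenSSH auth lines and combined-format web-server lines with named-group regexes, counts failed logins per source address to surface password guessing, and pulls out requests for paths that indicate scanning. The log lines are constructed for the example (RFC 5737 documentation addresses), and the brute-force threshold and suspicious-path pattern are assumptions to tune against your own baseline.

```python
import re
from collections import Counter, defaultdict

# Constructed sample logs for this added example; they are not captured from a real host.
SSH_LOG = """\
Mar  3 10:01:02 web01 sshd[2131]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  3 10:01:04 web01 sshd[2131]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar  3 10:01:06 web01 sshd[2134]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar  3 10:01:09 web01 sshd[2137]: Failed password for root from 203.0.113.45 port 51030 ssh2
Mar  3 10:01:11 web01 sshd[2140]: Failed password for root from 203.0.113.45 port 51031 ssh2
Mar  3 10:01:15 web01 sshd[2143]: Accepted publickey for deploy from 198.51.100.7 port 40212 ssh2: RSA SHA256:c0nstructed
Mar  3 10:02:30 web01 sshd[2150]: Failed password for alice from 198.51.100.9 port 40300 ssh2
Mar  3 10:02:41 web01 sshd[2151]: Accepted password for alice from 198.51.100.9 port 40301 ssh2
"""

WEB_LOG = """\
203.0.113.45 - - [03/Mar/2024:10:05:01 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.45 - - [03/Mar/2024:10:05:02 +0000] "GET /.env HTTP/1.1" 403 199 "-" "python-requests/2.31"
198.51.100.20 - - [03/Mar/2024:10:05:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Mar/2024:10:05:06 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.45 - - [03/Mar/2024:10:05:07 +0000] "GET /admin/../../etc/passwd HTTP/1.1" 400 0 "-" "curl/8.0"
"""

# OpenSSH auth line: "<ts> <host> sshd[<pid>]: Accepted|Failed <method> for [invalid user] <user> from <ip> port <port>"
SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)

# Apache/Nginx combined log format.
WEB_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed indicators of scanning/exploitation attempts; extend for your own environment.
SUSPICIOUS_PATH_RE = re.compile(r"\.env|wp-login\.php|\.\./|/etc/passwd", re.IGNORECASE)
BRUTE_FORCE_THRESHOLD = 5  # assumed; tune to the failure rate you see on a normal day


def parse_ssh(log):
    """Yield one dict of named groups per sshd auth line; lines that do not match are skipped."""
    for line in log.splitlines():
        m = SSH_RE.match(line)
        if m:
            yield m.groupdict()


def ssh_failed_logins(log):
    """Failed authentications per source IP."""
    return Counter(ev["ip"] for ev in parse_ssh(log) if ev["result"] == "Failed")


def ssh_bruteforce_sources(log, threshold=BRUTE_FORCE_THRESHOLD):
    """Source IPs at or above the failure threshold, with whether the same IP also got an
    'Accepted' anywhere in the log; a guessing source that later succeeds is the one to escalate."""
    failures = ssh_failed_logins(log)
    succeeded = {ev["ip"] for ev in parse_ssh(log) if ev["result"] == "Accepted"}
    return {
        ip: {"failures": n, "any_success": ip in succeeded}
        for ip, n in failures.items()
        if n >= threshold
    }


def suspicious_web_requests(log):
    """Per source IP: number of 4xx/5xx responses and the suspicious paths it requested.
    A 4xx count alone is noise (see the favicon line); suspicious paths carry the signal."""
    report = defaultdict(lambda: {"errors": 0, "paths": []})
    for line in log.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        ip, path, status = m["ip"], m["path"], int(m["status"])
        if status >= 400:
            report[ip]["errors"] += 1
        if SUSPICIOUS_PATH_RE.search(path):
            report[ip]["paths"].append(path)
    return {ip: r for ip, r in report.items() if r["errors"] or r["paths"]}


if __name__ == "__main__":
    print("SSH brute-force sources:", ssh_bruteforce_sources(SSH_LOG))
    print("Suspicious web requests:", suspicious_web_requests(WEB_LOG))
```

Anchoring the regex with `^` and naming the groups keeps a malformed or truncated line from being silently mis-parsed as a hit; an analyst should also count the lines that did not match any pattern, since a sudden rise in unparsed lines usually means a log format change or a broken collector rather than an attack.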
Domain 3: SIEM - Nervous System of SOC
• Why do we need SIEM?
• What is SIEM?
• Security Information Management (SIM)
• Security Event Management (SEM)
• SIEM guidelines and architecture
• SIEM Capabilities: Aggregation, Correlation, Reporting, Storage, Alerts, etc.
• Using QRadar [Practical]
  • Section Introduction
  • UI Navigation
  • Using filters for log analysis
  • Creating Alerts & Dashboards
Domain 4: Importance of Threat Intelligence
• What is a Threat?
• Why do we need Intelligence?
• Introduction to Threat Intelligence
• Threats, Threat Actors, APTs & Global Campaigns
• Network Level Threats
• Web App Level Threats
• Host Level Threats
• IOCs vs IOAs vs Precursors
• Traffic Light Protocol (TLP)
• Pyramid of Pain [Practical]
• Collecting Threat Intelligence [Practical]
  • Paid vs Open-Source Intelligence Gathering
  • Types of Threat Intelligence
    • Strategic Threat Intelligence
    • Operational Threat Intelligence
    • Tactical Threat Intelligence
    • Technical Threat Intelligence
  • Enhanced Detection with Threat Intelligence
Domain 5: Basics of Incident Response & Forensics
• Forensics Fundamentals
  • File Systems
  • Hard Disk Drive Basics
  • Digital Evidence and Handling
  • Order of Volatility
  • Chain of Custody
  • Hashing & Integrity
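The Forensics Fundamentals items "Chain of Custody" and "Hashing & Integrity" go together in practice: every handover of an evidence item records who held it, when, and its hash at that moment, and a later hash mismatch against any earlier record means the item can no longer be relied on. The following added example (not course material) shows the mechanics in Python with hashlib: chunked SHA-256 hashing so a large image never has to fit in memory, a custody record per action, and a verification that fails after a single byte is altered. The evidence file, handler names and file name are constructed for the example.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1024 * 1024  # hash 1 MiB at a time so a multi-GB disk image streams through


def hash_bytes(data, algorithm="sha256"):
    """Hash an in-memory artifact (a carved file, a captured memory region)."""
    return hashlib.new(algorithm, data).hexdigest()


def hash_file(path, algorithm="sha256"):
    """Hash a file on disk in chunks; this is the acquisition hash that goes in the record."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def custody_entry(path, handler, action, note=""):
    """One chain-of-custody record: who did what to which item, when, and its hash then."""
    return {
        "time_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "item": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "sha256": hash_file(path),
        "handler": handler,
        "action": action,
        "note": note,
    }


def verify_chain(path, chain):
    """True only if the item's current hash equals the hash in every chain entry.
    An empty chain vouches for nothing, so it verifies as False."""
    if not chain:
        return False
    current = hash_file(path)
    return all(entry["sha256"] == current for entry in chain)


def demo_tamper_detection():
    """Acquire a constructed evidence file, hand it over, then alter one byte.
    Returns (verified_before_tamper, verified_after_tamper)."""
    with tempfile.TemporaryDirectory() as workdir:
        evidence = os.path.join(workdir, "mailbox_export.pst")  # constructed name, not a real PST
        with open(evidence, "wb") as fh:
            fh.write(b"constructed evidence bytes\n" * 4096)

        chain = [custody_entry(evidence, "A. Analyst", "acquired", "exported from mail server")]
        chain.append(custody_entry(evidence, "B. Analyst", "received", "handover for review"))
        ok_before = verify_chain(evidence, chain)

        # Simulated tampering: a single byte deep inside the file is overwritten.
        with open(evidence, "r+b") as fh:
            fh.seek(12345)
            fh.write(b"X")
        ok_after = verify_chain(evidence, chain)

        print(json.dumps(chain, indent=2))
        return ok_before, ok_after


if __name__ == "__main__":
    print(demo_tamper_detection())  # (True, False)
```

Record the hash at acquisition and at every handover, not just once at the end, so a mismatch can be narrowed to the step where it appeared. Tools that still emit MD5 can be accommodated by recording MD5 alongside SHA-256, but MD5 alone is not sufficient for integrity claims because collisions for it are practical.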

• Email Forensics
  • How Electronic Mail Works
  • Anatomy of an Email
  • What is Phishing?
  • Types of Phishing
    • Spear Phishing
    • Whaling
    • Impersonation
    • Typosquatting and Homographs
    • Sender Spoofing
    • URL Shortening
    • Business Email Compromise
• Analysing Phishing Emails [Practical]
  • Analysing Artifacts
  • Red Flags of Phishing Emails
  • URL Reputation
  • File Reputation
  • SPF
  • DKIM
  • DMARC
  • Manual & Automated Analysis
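The "Analysing Phishing Emails" practical combines header checks (SPF, DKIM, DMARC results, sender alignment) with artifact checks (URL shorteners, homograph or punycode hosts, urgency language). The following added example, not course material, automates the first pass in Python using only the standard library's email parser over a constructed raw message: it reads the Authentication-Results header, compares the From domain with Return-Path and Reply-To, extracts URLs from the body and reports each red flag under a short code. The message, the .example domains, the shortener list and the urgency keyword list are all constructed assumptions for the example.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phishing sample for this added example; every domain is a reserved .example name.
RAW_EMAIL = b"""\
Return-Path: <bounce@secure-bank-alerts.example>
Authentication-Results: mx.corp.example;
 spf=pass smtp.mailfrom=secure-bank-alerts.example;
 dkim=none;
 dmarc=fail header.from=bank.example
From: "Bank Security Team" <alerts@bank.example>
Reply-To: helpdesk@secure-bank-alerts.example
To: employee@corp.example
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/plain; charset=utf-8

Dear customer,

Unusual sign-in activity was detected. Verify your identity now:
https://bit.ly/3xAmpl3
or use the direct link: http://xn--bnk-2na.example/login

Bank Security Team
"""

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}  # illustrative list, extend it
URL_RE = re.compile(r"https?://[^\s<>\"']+")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
URGENCY_RE = re.compile(r"\b(urgent|immediately|suspended?|24 hours|verify)\b", re.IGNORECASE)  # assumed keywords


def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or '' when absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_email(raw):
    """Return parsed authentication results, sender domains, URLs and a dict of red-flag codes."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])
    reply_to_domain = domain_of(msg["Reply-To"])
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    urls = URL_RE.findall(body)

    flags = {}
    for mech in ("spf", "dkim", "dmarc"):          # anything other than "pass" is worth a look
        if auth.get(mech) != "pass":
            flags[f"{mech}_not_pass"] = f"{mech}={auth.get(mech, 'missing')}"
    if return_path_domain and return_path_domain != from_domain:   # envelope sender not aligned
        flags["return_path_mismatch"] = f"{return_path_domain} != {from_domain}"
    if reply_to_domain and reply_to_domain != from_domain:         # replies diverted elsewhere
        flags["reply_to_mismatch"] = f"{reply_to_domain} != {from_domain}"
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags["url_shortener"] = url
        if any(label.startswith("xn--") for label in host.split(".")):  # IDN label, homograph candidate
            flags["url_punycode"] = url
        if host != from_domain and not host.endswith("." + from_domain):
            flags.setdefault("url_off_domain", []).append(url)
    if URGENCY_RE.search(msg["Subject"] or ""):
        flags["urgent_language"] = str(msg["Subject"])

    return {
        "auth": auth,
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "reply_to_domain": reply_to_domain,
        "urls": urls,
        "flags": flags,
    }


if __name__ == "__main__":
    for code, detail in analyze_email(RAW_EMAIL)["flags"].items():
        print(f"{code:22s} {detail}")
```

Two caveats for the manual side of the exercise: trust only the Authentication-Results header stamped by your own receiving mail server (the authserv-id after the colon), because a sender can insert a forged one upstream; and note that SPF passing here says nothing about the visible From address, since SPF is evaluated against the envelope sender (smtp.mailfrom), which is exactly why DMARC's alignment check fails in this sample.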

• Incident Response
  • Introduction to Incident Response
  • What is Incident Response?
  • Why is IR Needed?
  • Incident Response Lifecycle
  • Incident Response Plan: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Lessons Learned
  • Incident Response and Security Operations Integration
  • Case Study: Cyber Kill Chain in Incident Response
    • Lockheed Martin Cyber Kill Chain: what is it, why is it used?
    • Case Study: Monero Crypto-Mining
• MITRE ATT&CK Framework [Practical]
  • What is it, why is it used?
  • Matrices in MITRE ATT&CK
  • Mapping Data with MITRE ATT&CK
  • Case Study 1: APT3
  • Case Study 2: OilRig

• Focuses on deeper investigations, analysis and remediation
• Proactively hunts for adversaries
• Monitors and resolves more complex alerts
• Log analysis in QRadar
• Use case development, SOAR
• Use case fine-tuning
• Troubleshooting
• Incident Response
• Scheduled reports
• Malware Analysis
• Vulnerability Assessment
• OWASP Top 10
SOC Analyst Course Benefits
[Salary chart, USD: plotted values $65,272, $78,937, $81,744, $85,647, $87,220 and $87,985 on an axis from $20,000 to $120,000; the role labels for each bar are not recoverable from the extracted text]
Hiring Companies
[Company logos not reproduced in the extracted text]