L1 & L2 SOC Analyst Training Course

Course Highlights
• 40 hours of Instructor-led Training
• Access to the Recorded Sessions
• Session for Interview Prep
• Post Training Support
• Many more...
Why Knowledgeit?
• 40 hours of Instructor-led Training
• Hands-on Labs
• Scenario-based Learning
• Session for Interview Prep
• Career Guidance
• Post Training Support
• Telegram Discussion Group
• Access to the Recorded Sessions
Course Overview

SOC Analysts play a crucial role in today's security teams, since they are on the front lines of cyber defense, identifying and responding to cyber threats as they occur.

The Knowledgeit SOC Analyst training course is specifically created for aspiring and current SOC Analysts who want to learn how to prevent, identify, assess, and respond to cybersecurity threats and incidents. The course is the first level of a course series that includes Level 1 - SOC Analyst and Level 2 - SOC Specialist, and is specifically designed to help you master the trending and in-demand technical skills needed to carry out numerous sophisticated SOC activities.

This training course also helps participants plan their preparation for the SOC Analyst certification examinations, which are required to obtain the most sought-after positions in the SOC team.
Target Audience
• Technical Support Engineers
• System Administrators
• Security Consultants
• Cyber Security Analysts
• Security System Engineers
• SOC Analysts (L1 & L2)
• Information Security Researchers
• Network Engineers
• Anyone who wants to become a SOC Analyst
Prerequisites
• Prior knowledge of networking fundamentals, OS basics and troubleshooting is recommended
• Experience as an entry-level SOC Analyst, Cyber Security Analyst or in an Information Security role
• Two years of experience in the Information Security domain
COURSE CONTENT
• Domain 1: Security Terminologies, OS Basics & Network Fundamentals
• Domain 2: Blue Team Operations Architecture
• Domain 3: SIEM - Nervous System of SOC
• Domain 4: Importance of Threat Intelligence
• Domain 5: Basics of Incident Response & Forensics
Domain 1: Security Terminologies, OS Basics & Network Fundamentals
• Why do we need Security?
• CIA Triad
• Concept of AAA
• Hacking Concepts
• Types of Hackers
• Domains of Security
• Ethical Hacking Phases
• Types of Attacks
• Network Fundamentals
• NOC vs SOC
• The OSI Model
• Network Devices
• Network Tools – Firewall, IDS, IPS, VPN, Switches, Routers
• Ports and Services
• Conducting a Port Scan with Nmap [Practical]
• Windows Operating System Fundamentals [Practical]
  • Investigating Windows Operating System
  • Windows Event Logs
  • Windows Registry
  • Scheduled Tasks
  • File Analysis
  • SysInternals Suite
  • Command Prompt
  • Sysmon (System Monitor)
• Linux Operating System Fundamentals [Practical]
  • Linux Directory Services
  • Most useful Linux Commands in SOC
  • Event Logs in Linux
  • Linux System Services
Domain 2: Blue Team Operations Architecture
• Why do we need SOC?
• What is SOC?
• Functions of SOC
• SOC Models & Types
• SOC Teams & Roles
• Incidents vs Events
• True vs False Incident Categories
• Concept of Logging
• Local Logging vs Centralized Logging
• Log Management & Log Analysis
• Log Management needs
• Concept of Log Analysis
  • Web Server Logs
  • Firewall Logs
  • SSH Logs
  • Windows Event Logs
• Using Regex for Log Analysis [Practical]
• SOC Workflow: ITSM Workflow
• ITSM Tools: ServiceNow, JIRA, BMC, Request Tracker, etc.
Domain 3: SIEM - Nervous System of SOC
• Why do we need SIEM?
• What is SIEM?
• Security Information Management (SIM)
• Security Event Management (SEM)
• SIEM guidelines and architecture, etc.
• Using QRadar [Practical]
  • Section Introduction
  • UI Navigation
  • Analysis
  • Creating Alerts & Dashboards
Domain 4: Importance of Threat Intelligence
• What is a Threat?
• Why do we need Intelligence?
• Introduction to Threat Intelligence
• Threats, Threat Actors, APTs & Global Campaigns
• Network Level Threats
• Web App Level Threats
• Host Level Threats
• IOCs vs IOAs vs Precursors
• Traffic Light Protocol (TLP)
• Pyramid of Pain [Practical]
• Collecting Threat Intelligence [Practical]
• Gathering Types of Threat Intelligence
  • Strategic Threat Intelligence
  • Operational Threat Intelligence
  • Tactical Threat Intelligence
  • Technical Threat Intelligence
• Enhanced Detection with Threat Intelligence
Domain 5: Basics of Incident Response & Forensics
• Forensics Fundamentals
  • File Systems Basics
  • Digital Evidence and Handling
  • Order of Volatility
  • Chain of Custody
  • Hashing & Integrity
• Email Forensics
  • How Email Works
  • Anatomy of an Email
  • What is Phishing?
  • Types of Phishing
    • Spear Phishing
    • Whaling
    • Impersonation
    • Typosquatting and Homographs
    • Sender Spoofing
    • URL Shortening
    • Business Email Compromise
  • Analysing Phishing Emails [Practical]
    • Analysing Artifacts
    • Red Flags of Phishing Emails
    • URL Reputation
    • File Reputation
    • SPF, DKIM, DMARC
    • Manual & Automated Analysis
• Incident Response
  • Introduction to Incident Response
  • What is Incident Response?
  • Why is IR Needed?
  • Incident Response Lifecycle
  • Incident Response Plan: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Lessons Learned
  • Incident Response and Security Operations Integration
  • Case Study: Cyber Kill Chain in Incident Response
  • Lockheed Martin Cyber Kill Chain: What is it, why is it used?
  • Case Study: Monero Crypto-Mining
  • MITRE ATT&CK Framework [Practical]
    • What is it, why is it used?
    • Matrices in MITRE
    • Mapping Data with MITRE
    • Case Study 1: APT3
    • Case Study 2: OilRig
• Focuses on deeper investigations, analysis and remediation
• Proactively hunts for adversaries
• Monitors and resolves more complex alerts
• Log analysis in QRadar
• Use case development, SOAR
• Use case fine-tuning
• Troubleshooting
• Incident Response
• Scheduled reports
• Malware Analysis
• Vulnerability Assessment
• OWASP Top 10
SOC Analyst Course Benefits

[Salary comparison chart: two bars at $78,937 and $65,272 on a $0–$120,000 scale; bar labels not recoverable from the extracted text]

Hiring Companies