SOC Analyst Training

BY
Infosec Train

Level up your SOC skills and improve your career prospects with Infosec Train’s SOC Analyst Training course.

Mode

Online

Quick Facts

Medium of instruction: English
Mode of learning: Self study, Virtual Classroom
Mode of delivery: Video and text based
Frequency of classes: Weekends

Course overview

Are you a current or aspiring SOC analyst looking to get a firmer grip on the domain? Then the SOC Analyst Training course by Infosec Train is the programme you are looking for. Through 80 hours of instructor-led training, you will receive comprehensive insight into SOC concepts, operations, and workflows. The curriculum suits current and aspiring L1/L2/L3 SOC analysts who want to upskill and help reduce business risk.

The SOC Analyst syllabus can be customised to your requirements; speak to the training advisor to arrange this. Three learning modes are available: one-to-one training, online training, and corporate training.

If you are unable to attend a session, you will have access to its recording. Free demo classes are available to give you an idea of how the curriculum works, who the instructors are, and what approach the training takes.


The highlights

  • 80 hours of learning
  • Multiple learning options available 
  • Instructor-led curriculum
  • Customised training
  • Certified trainers 
  • Free demo class available 
  • Training certificate available 
  • Access to recorded sessions 
  • Post-completion assistance

Program offerings

  • Certified instructors
  • Customised curriculum
  • Multiple learning modes
  • Free demo class
  • Placement assistance
  • Certificate of completion

Course and certificate fees

Certificate availability: Yes

Certificate providing authority: Infosec Train

Who it is for

The SOC Analyst programme by Infosec Train is ideal for –

  • L1, L2, and L3 SOC analysts 
  • Technical support engineers 
  • System administrators 
  • Security consultants 
  • Security system engineers 
  • Cybersecurity analysts 

Eligibility criteria

Enrolling in the SOC Analyst course by Infosec Train requires prior knowledge of basic networking, operating systems, and troubleshooting. You must also have entry-level experience as a SOC analyst or cybersecurity analyst, or experience in an information security role; for the information security route, two years of experience or more is required.

What you will learn

Knowledge of cyber security

After undertaking the SOC Analyst online Training course, you will be able to –

  • Secure data for your organisation using technical tools, strategies, and techniques
  • Understand data threats and their countermeasures 
  • Have a deep knowledge of network forensics and incident response 
  • Analyse and classify malware
  • Understand the Cybersecurity industry in depth

The syllabus

Domain 1: Security Operations Centre

Introduction to SOC
  • Functions of SOC 
  • Building a successful SOC 
  • Heart of SOC – SIEM
  • SIEM guidelines and architecture 
  • Gartner’s Magic Quadrant
ELK Stack
  • An overview and introduction to Elastic SIEM
  • User interface
  • Traditional SIEM vs MDR and other solutions
  • Using Elastic SIEM for interactive threat hunting and alert investigations
  • Elasticsearch: architecture and Curator fundamentals
  • Kibana: configuration, policies, visualisation
  • Index templates for routing and mapping
  • Deep dive into log architecture, parsing, and alerts
SecurityOnion
  • Monitoring and analysis tools
  • What is Security Onion?
  • Security Onion Architecture
  • Installing a standalone server: Security Onion with web browser tools, checking system services with sostat, the Security Onion terminal
  • Deployment types
  • Replaying traffic on a standalone server
Splunk in Depth
  • Splunk terminology, industry use cases, and the Search Processing Language (SPL)
  • Industry requirements for Splunk across diverse fields
AlienVault OSSIM Fundamentals
  • AlienVault fundamentals, architecture, and deployment
  • Monitoring with OSSIM and vulnerability scanning
Introduction to QRadar
  • Using the QRadar SIEM User Interface
  • IBM QRadar SIEM component architecture and data flows
Fun with logs
  • Working with offense triggered by flows
  • Working with offense triggered by events
Monitoring
  • Search, group, filter, and analyse security data
  • Review and interpret system monitoring dashboards
  • Monitor QRadar Notifications and error messages
  • Investigate suspected attacks and policy breaches
  • Monitor QRadar performance
Tools exposure provided in the above section
  • ELK Stack
  • Security Onion
  • Sguil
  • Splunk
  • Wireshark
  • IBM QRadar CE
  • AlienVault OSSIM

Domain 2: Digital Forensics

Introduction to Digital Forensics
  • Section Introduction
  • What is Digital Forensics?
  • Collecting evidence, usually related to cybercrime
  • Digital Subject Access Requests
  • Working with Law Enforcement
  • The difference between an internal security issue and one that requires external assistance
  • Computer Forensics Process
  • Identification, preservation, collection, examination, analysis, reporting
Section Introduction
  • Hard Drive Basics
  • Platters, sectors, clusters, slack space
  • Introduction to Data Representation
  • Hexadecimal, octal, binary files vs text files; timestamp formats: MAC, UNIX epoch, Chrome, FILETIME, Windows
  • SSD Drive Basics
  • TRIM, wear levelling, garbage collection
  • Metadata & File Carving
  • Memory, Page File, and Hibernation File
  • Order of Volatility
  • File Systems
  • FAT16, FAT32, NTFS, EXT3/EXT4, HFS+/APFS
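The timestamp formats listed above are a common source of error in disk and browser artefact work, because the same 64-bit integer decodes to very different dates depending on the epoch and unit assumed. The following Python is an added example (not Infosec Train course material): it decodes UNIX epoch, Windows FILETIME, Chrome/WebKit and Apple absolute time, reads a FILETIME from its on-disk little-endian bytes, and tries every decoder on an integer of unknown format to keep only the readings that land in a plausible year. The sample values and the SAMPLE_FILETIME_LE bytes are constructed for 2021-01-01T00:00:00Z; reading the syllabus's "MAC" as Apple (Mac) absolute time rather than MAC (modified/accessed/created) times is an assumption.

```python
import struct
from datetime import datetime, timedelta, timezone

# Epochs the listed formats count from (all UTC).
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # Windows FILETIME, Chrome/WebKit
EPOCH_1970 = datetime(1970, 1, 1, tzinfo=timezone.utc)  # UNIX epoch
EPOCH_2001 = datetime(2001, 1, 1, tzinfo=timezone.utc)  # Apple absolute (Cocoa) time; "MAC" assumed to mean this


def from_unix(seconds):
    """UNIX epoch: seconds since 1970-01-01 (ext4 inode times, syslog, most Linux artefacts)."""
    return EPOCH_1970 + timedelta(seconds=seconds)


def from_filetime(ticks):
    """Windows FILETIME: 100-nanosecond ticks since 1601-01-01 (NTFS $STANDARD_INFORMATION, registry, Prefetch)."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def from_chrome(micros):
    """Chrome/WebKit time: microseconds since 1601-01-01 (Chrome History and Cookies SQLite databases)."""
    return EPOCH_1601 + timedelta(microseconds=micros)


def from_mac_absolute(seconds):
    """Apple absolute time: seconds since 2001-01-01 (iOS/macOS plists and SQLite stores)."""
    return EPOCH_2001 + timedelta(seconds=seconds)


def to_filetime(dt):
    """Inverse of from_filetime, useful for building a raw-hex search value for a known date."""
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def from_filetime_bytes(raw):
    """FILETIME as stored on disk: an unsigned little-endian 64-bit integer."""
    (ticks,) = struct.unpack("<Q", raw)
    return from_filetime(ticks)


def guess_formats(value, lo=1995, hi=2040):
    """Decode an integer of unknown format every way and keep the readings that fall in a plausible year range.
    Digits alone are meaningless without epoch and unit, so all plausible readings are returned, not one."""
    decoders = {
        "unix": from_unix,
        "filetime": from_filetime,
        "chrome": from_chrome,
        "mac_absolute": from_mac_absolute,
    }
    plausible = {}
    for name, decode in decoders.items():
        try:
            dt = decode(value)
        except (OverflowError, ValueError):  # outside the datetime/timedelta range for this reading
            continue
        if lo <= dt.year <= hi:
            plausible[name] = dt.isoformat()
    return plausible


# Constructed sample: 2021-01-01T00:00:00Z as FILETIME 0x01D6DFD10C358000, stored little-endian on disk.
SAMPLE_FILETIME_LE = bytes.fromhex("0080350cd1dfd601")

if __name__ == "__main__":
    print("FILETIME from bytes:", from_filetime_bytes(SAMPLE_FILETIME_LE))
    print("Chrome 13253932800000000:", from_chrome(13253932800000000))
    print("Apple absolute 631152000:", from_mac_absolute(631152000))
    print("unknown 132539328000000000 ->", guess_formats(132539328000000000))
    print("unknown 1609459200 ->", guess_formats(1609459200))
```

The year-range filter in guess_formats is a heuristic, not proof: a value that decodes plausibly under two formats still needs the surrounding structure (file type, field width, neighbouring fields) to settle which one applies.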
Evidence Forms
  • Section Introduction
  • Volatile Evidence
  • RAM, cache, ARP cache, register contents, routing tables, process table, temporary files, kernel statistics, swap space
  • Disk Evidence
  • Data on hard disk or SSD
  • Web & Cloud Evidence
  • Social media posts, cloud storage/backups, chat rooms, forums, blog posts
  • Network Evidence
  • PCAPs, proxy logs, remotely logged data, network connections/NetFlow
  • Evidence Forms
  • Laptops, desktops, digital cameras, phones, hard drives, tablets, smartwatches, GPS
Chain of Custody
  • Section Introduction
  • What is the Chain of Custody?
  • Why is it Important?
  • Evidence integrity and examiner authenticity
  • Guide for Following the Chain of Custody
  • Evidence hashing, write-blockers, evidence collection, reporting/documentation, working on a copy of the original evidence
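Evidence hashing, write-blocking and working on a copy are one procedure rather than three topics: hash the original behind a write-blocker, copy it bit for bit, hash the copy, and record all of it so the copy can be re-verified at every hand-over. The following Python is an added example (not course material) that runs that procedure on a constructed 1,024-byte "device"; the ReadOnlyDevice class stands in for a hardware write-blocker, and the custody record fields are an assumed layout. It also covers the "Taking Forensic Images of Affected Hosts" step in the Incident Response domain below.

```python
import hashlib
import io
import json
from datetime import datetime, timezone


class ReadOnlyDevice(io.BytesIO):
    """Stand-in for a source device behind a hardware write-blocker: reads work, any write is refused."""

    def write(self, *_args, **_kwargs):
        raise PermissionError("write blocked: source evidence is read-only")

    def truncate(self, *_args, **_kwargs):
        raise PermissionError("write blocked: source evidence is read-only")


def hash_stream(stream, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Hash a file-like object in chunks, so images far larger than RAM can be verified."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hashes_of_bytes(data):
    return hash_stream(io.BytesIO(data))


def acquire_image(device, examiner, evidence_id, sector_size=512):
    """Bit-for-bit copy of `device` into an image, hashed before and after the copy.
    Returns (image_bytes, custody_record); analysis then proceeds on the copy, never on the original."""
    device.seek(0)
    source_hashes = hash_stream(device)          # hash the original before anything else touches it
    device.seek(0)
    image = io.BytesIO()
    for sector in iter(lambda: device.read(sector_size), b""):
        image.write(sector)                      # every sector, including slack and unallocated space
    image.seek(0)
    image_hashes = hash_stream(image)
    record = {                                   # assumed record layout for the chain-of-custody log
        "evidence_id": evidence_id,
        "action": "acquisition",
        "examiner": examiner,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "bytes": image.tell(),
        "source": source_hashes,
        "image": image_hashes,
        "verified": source_hashes == image_hashes,
    }
    return image.getvalue(), record


def verify_image(image_bytes, record):
    """Re-hash a working copy against the acquisition record: repeated before analysis and at each hand-over."""
    return hashes_of_bytes(image_bytes)["sha256"] == record["image"]["sha256"]


# Constructed sample "device": two 512-byte sectors, with remnants of a deleted file in the second.
SAMPLE_DEVICE = (b"FAT32   " + b"\x00" * 504) + (b"notes.txt: deleted but still on disk" + b"\x00" * 476)

if __name__ == "__main__":
    image, record = acquire_image(ReadOnlyDevice(SAMPLE_DEVICE), examiner="A. Examiner", evidence_id="EV-0001")
    print(json.dumps(record, indent=2))
    print("working copy verifies:", verify_image(image, record))
    tampered = image[:-1] + b"\x01"
    print("tampered copy verifies:", verify_image(tampered, record))
```

Two hashes are recorded because some tooling and some legal processes still expect MD5 alongside SHA-256; the verification itself should rely on SHA-256. A single flipped byte anywhere in the copy, as in the tampered case above, is enough to fail verification, which is the property the chain of custody depends on.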
Windows Investigations
  • Section Introduction
  • Limitations
  • Example Investigations
  • Artifacts
  • LNK files, DLLs, services, registry, event logs, Prefetch, drivers, scheduled tasks, start-up files, common malicious locations

*nix Investigations
  • Section Introduction
  • Limitations
  • Example Investigations
  • Artefacts
Artefact Collection
  • Section Introduction
  • Equipment
  • Clean hard drives, forensic workstations, anti-static bags, Faraday cage, labels, disk imagers, cabling, blank media, hardware write blockers, photographs
  • Tools
  • Wireshark, NetworkMiner, and others
  • ACPO Principles
  • How to Collect Evidence
  • Laptops, desktops, websites, forum posts, phones, hard drives, tablets, blog posts, social media posts, chat rooms
  • Live Forensics
  • Fast acquisition of key files
  • Types of Hard Drive Copies
  • Slack space, visible data, bit-for-bit
Live Forensics
  • Section Introduction
  • Products
  • Carbon Black, memory analysis with agents, EnCase, custom scripts
  • Live Acquisition
  • What is live acquisition/live forensics? Why is it beneficial?
  • Potential Consequences
  • Damaging or modifying evidence making it invalid
Post-Investigation
  • Section Introduction
  • Report Writing
  • Evidence Retention
  • Legal retention periods, internal retention periods
  • Evidence Destruction
  • Overwriting, shredding, wiping, degaussing
  • Further Reading
Tools exposure provided in the above section
  • Command line for Windows / Linux
  • Volatility
  • FTK Imager
  • Magnet RAM Capture
  • Autopsy
  • EnCase
  • Volatility Workbench

Domain 3: Incident Response

Introduction to Incident Response
  • What is Incident Response?
  • Why is IR Needed?
  • Security Events vs Security Incidents
  • Incident Response Lifecycle (NIST SP 800-61r2)
  • What it is and why it is used
  • MITRE ATT&CK Framework
  • What it is and why it is used
  • Lockheed Martin Cyber Kill Chain
  • What it is and why it is used
Preparation
  • The Need for an IR Team
  • Incident Response Plans, Procedures, and Policies
  • Risk Assessment and Asset Inventory to Identify High-Value Assets
  • Host Defences: HIDS, NIDS, user accounts, GPO, antivirus/EDR, local firewall, DMZ and honeypots
  • Network Defences: proxy, firewalls, NIDS, NIPS, NAC
  • Email Defences: attachment sandboxing, spam filter, attachment filter, email tagging
  • Physical Defences: access controls, deterrents, monitoring controls
  • Human Defences: security awareness training, incentives, security policies
Detection and Analysis
  • Analysis (SIEM Correlation)
  • Common Events and Incidents
  • Central Logging (SIEM Aggregation)
  • Establishing Baselines and Behaviour Profiles
Containment, Eradication, Recovery
  • CERT and CSIRT Explained
  • What are they, and why are they useful?
  • Taking Forensic Images of Affected Hosts
  • Linking Back to Digital Forensics Domain
  • Containment Measures
  • Network Isolation, Honeypot Lure, Single VLAN, Powering System(s) Down
  • Identifying Root Cause and Recovery Measures
  • Identifying and Deleting Malicious Artefacts
  • Disk and memory analysis to find artefacts and safely remove them
Lessons Learned
  • What Could be Improved?
  • Issues from the Incident Response, and How These Can be Addressed
  • What Went Well?
  • Incident Response Highlights 
  • Metrics and Reporting
  • Presenting Data in Metric Form
  • Importance of Documentation
  • Creating Runbooks for Audit Trail, Future Similar Incidents
  • Further Reading
Tools exposure provided in the above section
  • NetworkMiner
  • Hash calculator
  • Online sources
  • Sysinternals Suite
  • CyberChef
  • Wireshark

Domain 4: Threat Intelligence

Introduction to Threat Intelligence
  • Section Introduction
  • Why Threat Intelligence can be Valuable
  • Situational awareness, reducing the attack surface, investigation enrichment
  • Threat Intelligence Explained
  • What is TI, why is it used
  • Criticisms/Limitations of Threat Intelligence
  • Reactive nature, old IOCs, attribution issues, false-positive IOCs
  • Types of Intelligence
  • HUMINT, GEOINT, SIGINT, OSINT 
  • The Future of Threat Intelligence
  • Tenable Predictive Prioritisation (mixing vulnerability management data  with threat intel to evaluate dynamic risk scores)
Threat Actors
  • Motivations
  • Financial, political, social, other
  • Common Threat Agents
  • Cybercriminals, nation-states, hacktivists, insider threats
  • Skill Levels/Technical Ability
  • Script Kiddies, Hackers, APTs
  • Common Targets
  • Industries, organisations, governments
  • Actor Naming Conventions
  • APT numbers, Animals, other conventions
Advanced Persistent Threats
  • Motivations for Cyber Operations
  • Why APTs do what they do (social, political, financial)
  • What are APTs?
  • What makes an APT?, Real-world examples of APTs + their operations
  • Custom Malware/Tools
  • Why they’re used, exploring custom tools used by APTs
  • Tools, Tactics, Techniques
  • What do APTs do when conducting operations
  • Living-off-the-land Techniques
  • What LOTL is, why it can be effective, why it’s used
Operational Intelligence
  • Precursors Explained & Examples
  • What precursors are, how they’re different from IOCs, how we monitor them
  • Indicators of Compromise Explained & Examples
  • What IOCs are, using IOCs to feed defences, how they’re generated and shared
  • TTPs Explained & Examples
  • What TTPs are, using to maintain defences (preventative), why they’re important
  • Lockheed Martin Cyber Kill Chain
  • Framework, how we map cyber-attacks, real-world example
  • MITRE ATT&CK Framework
  • Framework, how we map cyber-attacks, real-world examples
  • Pyramid of Pain
  • You’ll wish we didn’t teach you this. It’s called the Pyramid of Pain for a reason.
  • Attribution and its Limitations
  • Why attribution is hard, sharing infrastructure, impersonation, copy-cat attacks
Tactical Threat Intelligence
  • Watchlists/IOC Monitoring
  • What watchlists are, monitoring for IOCs (AV, EDR, FW, SIEM, IDPS)
  • Threat Exposure Checks Explained
  • What TECs are, how to check your environment for known-bad IOCs
  • Open-Web Information Collection
  • How OSINT data is scraped, why it’s useful
  • Public Exposure Assessments
  • What PEAs are, how to conduct them: media, Google dorks, theHarvester, social media
  • Malware Information Sharing Platform (MISP)
  • What MISP is, how to implement MISP, why it is used
  • Dark-Web Information Collection
  • How intel companies scrape dark-web intel, why it’s useful, malicious actors on underground forums, data breach dumps, commodity malware for sale
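Watchlist/IOC monitoring in practice is a join between a log source and an indicator list, and the "old IOCs" limitation noted earlier in this domain has to be built into that join: indicators past their stated validity window should stop firing or they become a false-positive generator. The following Python is an added example (not course material) that matches constructed proxy log lines against a constructed watchlist of domains (with parent-domain matching), IPv4 networks and SHA-256 hashes, and drops expired indicators. The log line format, the field names, the .test domains, the RFC 5737 documentation addresses and the dummy hash are all assumptions made for the example.

```python
import ipaddress
import re
from datetime import date
from urllib.parse import urlsplit

# Constructed watchlist. Values are documentation ranges/TLDs and a dummy hash, not real indicators.
WATCHLIST = [
    {"type": "domain", "value": "bad-cdn.test", "expires": None, "source": "vendor feed"},
    {"type": "ipv4", "value": "203.0.113.0/24", "expires": None, "source": "ISAC share"},
    {"type": "sha256", "value": "5f" * 32, "expires": None, "source": "sandbox report"},
    # An aged-out indicator: still in the feed, but past the date the sharer said it was valid until.
    {"type": "domain", "value": "stale.test", "expires": date(2020, 1, 1), "source": "old blog post"},
]

# Constructed proxy log lines in an assumed format: "<ts> <src> <method> <url> <dst> [sha256=<hash>]".
SAMPLE_LOG = [
    "2024-03-01T10:00:01Z 10.0.0.5 GET http://updates.bad-cdn.test/a.exe 198.51.100.7 sha256=" + "ab" * 32,
    "2024-03-01T10:00:02Z 10.0.0.6 GET http://203.0.113.10/panel 203.0.113.10",
    "2024-03-01T10:00:03Z 10.0.0.7 GET http://stale.test/ 198.51.100.9",
    "2024-03-01T10:00:04Z 10.0.0.8 GET http://files.example.test/x.bin 198.51.100.9 sha256=" + "5f" * 32,
    "2024-03-01T10:00:05Z 10.0.0.9 GET http://www.example.test/ 198.51.100.2",
]

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)(?: sha256=([0-9a-fA-F]{64}))?$")


def build_index(watchlist, today):
    """Turn the feed into lookup structures, dropping indicators whose validity window has closed."""
    domains, networks, hashes = set(), [], set()
    for ioc in watchlist:
        if ioc["expires"] is not None and ioc["expires"] < today:
            continue
        if ioc["type"] == "domain":
            domains.add(ioc["value"].lower().rstrip("."))
        elif ioc["type"] == "ipv4":
            networks.append(ipaddress.ip_network(ioc["value"], strict=False))
        elif ioc["type"] == "sha256":
            hashes.add(ioc["value"].lower())
    return domains, networks, hashes


def match_domain(host, domains):
    """Exact or parent-domain match: updates.bad-cdn.test hits a watchlist entry for bad-cdn.test."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def match_ip(value, networks):
    """Return the watchlist network containing `value`, or None if it is not an IP or is not listed."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None
    for net in networks:
        if addr in net:
            return str(net)
    return None


def scan(lines, watchlist, today=None):
    """Match each log line against the live watchlist; one hit per (line, indicator)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    domains, networks, hashes = build_index(watchlist, today)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # in production, count unparsed lines; a parser gap is itself a detection gap
        ts, src, _method, url, dst, sha = m.groups()
        host = urlsplit(url).hostname or ""
        found = {}  # (type, indicator) -> field that matched; dedupes host/dst hits on the same IP
        d = match_domain(host, domains)
        if d:
            found.setdefault(("domain", d), "url")
        for field, value in (("url", host), ("dst", dst)):
            n = match_ip(value, networks)
            if n:
                found.setdefault(("ipv4", n), field)
        if sha and sha.lower() in hashes:
            found.setdefault(("sha256", sha.lower()), "sha256")
        for (itype, indicator), field in found.items():
            hits.append({"ts": ts, "src": src, "type": itype, "indicator": indicator, "field": field})
    return hits


def scan_sample():
    """Run the constructed log against the watchlist as of 2024-03-01, so the stale indicator is excluded."""
    return scan(SAMPLE_LOG, WATCHLIST, today="2024-03-01")


if __name__ == "__main__":
    for hit in scan_sample():
        print(hit)
```

Run as of 2024-03-01 the sample produces three hits (domain, network and hash) and stays silent on stale.test; run with an earlier date the same line fires, which is the behaviour an expiry field is there to control. The `source` field on each indicator is carried so an analyst can weigh a hit by where the indicator came from, which matters more for a domain or IP near the bottom of the Pyramid of Pain than for a TTP.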
Strategic Threat Intelligence
  • IOC/TTP Gathering and Distribution
  • Intelligence Sharing and Partnerships
  • Why sharing intel is important, NCCIC, NCSC, ISACs, US-CERT, existing partnerships
  • Campaign Tracking & Situational Awareness
  • Why track actors, why keeping the team updated is crucial 
  • OSINT vs Paid-for Sources
  • Threat Intelligence Vendors, National Vulnerability Database, Public Threat Feeds, Twitter
  • New Intelligence Platforms/Toolkits
  • Undertaking proof-of-value demos to assess the feasibility of new tooling
Malware and Global Campaigns
  • Globally recognised Malware Campaigns
  • Sodinokibi, TrickBot, LokiBot, Emotet, Magecart, IcedID
  • Types of Malware Used by Threat Actors
  • Ransomware, Backdoors, Trojans, RATs, Logic Bombs
Further Reading
  • Further Reading Material
  • Links to more helpful resources

Tools exposure provided in the above section
  • MISP
  • AlienVault OTX
  • MITRE ATT&CK
  • Maltego
  • Online sources

Admission details

Follow the steps below to enrol for the SOC Analyst course:

  • Visit the SOC Analyst Training course page: https://www.infosectrain.com/courses/soc-analyst-expert-training/
  • Use the ‘Enrol Now’ tab to fill in an application form with your basic details such as full name and email address.
  • You will receive a confirmation call from Infosec Train’s team within 24 hours, and course details will be sent to your email address.

Filling the form

A short application form must be filled in to enrol in Infosec Train’s SOC Analyst programme. You will need to enter basic details such as your full name, contact number, email address, and country of residence.

How it helps

Successful completion of the SOC Analyst Training course will help you improve your prospects as a SOC analyst, cybersecurity analyst, or security administrator, and the certificate can support applications for roles at larger companies. Because the curriculum can be customised, the training can be focused on your particular weaknesses and build on your strengths.

Instructors

Mr Bharat Mutha
Instructor
Freelancer

Mr Abhy
Trainer
Freelancer

FAQs

What is the course duration?

The curriculum duration is 80 hours. 

Are flexible timings available for online SOC Analyst Training course?

No. You will need to devote 4 hours per day until course completion.

What if I miss any class?

If you miss any session, you can access the recorded versions of each session to keep up.

Is placement support available for the SOC Analyst Training course?

Yes, placement support is available in the form of job interview preparation.

What are the training’s best features?

The training offers key features such as a free demo class, access to recorded sessions, and post-training support.
