As the security landscape expands, a SOC team provides high-quality IT security
services to actively detect potential cyber threats/attacks and respond quickly to security
incidents. Organizations need skilled SOC analysts who can serve as frontline defenders,
alerting other professionals to emerging and current cyber threats.
A SOC analyst continuously monitors and detects potential threats, triages alerts and
escalates them appropriately. Without a SOC analyst, processes such as monitoring,
detection, analysis, and triage will lose effectiveness, which will ultimately negatively
impact the organization.
This course covers:
● the fundamental principles of SOC operations,
● knowledge of log management and correlation,
● basic knowledge for the deployment of a SIEM,
● incident detection and incident response.
Below are the different modules that will be covered:
Chapter 1 – Operations and Security Management
– Understand the fundamentals of SOC
– Discuss the components of the SOC: people, process and technology
– Understand the implementation of the SOC
Chapter 2 – Understanding Cyber Threats, IoCs and Attack Methodology
– Describe the term cyber threats and attacks
– Understand attacks at the network level
– Understand host-level attacks
– Understand application-level attacks
– Understand Indicators of Compromise (IoC)
– Discuss the attacker's hacking methodology
Chapter 3 – Incidents, Events and Logging
– Understand the fundamentals of incidents, events and logging
– Explain local logging concepts
– Explain the concepts of centralized logging
Chapter 4 – Incident Detection with Security Information and Event Management (SIEM)
– Understand the basic concepts of Security Information and Event Management (SIEM)
– Discuss the different SIEM solutions
– Understand SIEM deployment
– Learn different use case examples for application-level incident detection
– Learn different use case examples for internal incident detection
– Learn different use case examples for network-level incident detection
– Learn different use case examples for host-level incident detection
– Learn different use case examples for compliance
– Understand the concept of alert triage management and analysis
Chapter 5 – Improving Incident Detection with Threat Intelligence
– Learn the fundamental concepts of Threat Intelligence
– Learn different types of Threat Intelligence
– Understand how Threat Intelligence strategy is developed
– Learn the different sources from which threat intelligence can be obtained
– Learn different Threat Intelligence Platforms (TIP)
– Understand the need for a Threat Intelligence based SOC
Chapter 6 – Incident Response
– Understand the fundamental concepts of incident response
– Learn the different phases of the incident response process
– Learn how to respond to network security incidents
– Learn how to respond to application security incidents
– Learn how to respond to email security incidents
– Learn how to respond to internal incidents
– Learn how to respond to malware incidents
Module | Topic | Professor | Certification Goal |
---|---|---|---|
Module 0 | Cyber101 | Gael Beauboeuf | N-A |
Module 1 | Network Fundamentals | Stanley Paul/Jhon Noel | Network+ |
Module 2 | Cybersecurity Fundamentals | Gael Beauboeuf/Paul Jn Marie | Security+ |
Module 3 | Business continuity management | Lyonel Valles | Certified Business Continuity Professional (CBCP) |
Module 4 | Information security governance | Anglade Perrier | CISM |
Module 5 | Threat Analysis & Vulnerability Assessment | X | GIAC Cyber Threat Intelligence (GCTI) |
Module 6 | Cloud Security | Anglade Perrier | CCSP – Certified Cloud Security Professional |
Module 7 | Cyberdefense Analysis | Blaise Arbouet | CSA: Certified SOC Analyst |
Module 8 | Information System Audit | Lyonel Valles/Franco Jean Louis | CISA |
Module 9 | Penetration testing | Valentin Beaumont | OSCP |
Module 10 | Forensic Analysis | Blaise Arbouet | GIAC Certified Forensic Examiner (GCFE) |
Course Features
- Lectures 0
- Quizzes 0
- Duration 45 hours
- Skill level All levels
- Language English
- Students 10
- Assessments Yes