On completing this course, you will be able to:
- Describe SOC processes, procedures, technologies, and workflows.
- Demonstrate both a basic and an in-depth understanding of security threats, attacks, vulnerabilities, attacker behaviors, the cyber kill chain, and related concepts.
- Recognize attacker tools, tactics, and procedures in order to identify indicators of compromise (IOCs) that can be used in active and future investigations.
- Monitor and analyze logs and alerts from a variety of technologies across multiple platforms (IDS/IPS, endpoint protection, servers, and workstations).
- Explain the Centralized Log Management (CLM) process.
- Perform security event and log collection, monitoring, and analysis.
- Apply hands-on experience and extensive knowledge of security information and event management (SIEM).
- Administer SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
- Apply hands-on experience with the SIEM use case development process.
- Develop threat cases (correlation rules), create reports, and related artifacts.
- Apply use cases that are widely used across SIEM deployments.
- Plan, organize, and perform threat monitoring and analysis in the enterprise.
- Monitor emerging threat patterns and perform security threat analysis.
- Apply hands-on experience with the alert triage process.
- Escalate incidents to the appropriate teams for additional assistance.
- Use a service desk ticketing system.
- Prepare briefings and reports on analysis methodology and results.
- Integrate threat intelligence into a SIEM for enhanced incident detection and response.
- Make use of varied, disparate, and constantly changing threat information.
- Explain the incident response process.
- Explain how the SOC and the incident response team (IRT) collaborate for better incident response.
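To make the "threat cases (correlation rules)" and "integrating threat intelligence into SIEM" outcomes above concrete, here is an added example that is not part of the course material or of any of the SIEM products it names. It implements two classic SOC use cases as plain Python over a small set of constructed, normalized authentication events: a brute-force-then-success rule (N failed logins for one account from one source inside a sliding time window, followed by a successful login), and a threat-intel match rule (source IP present in an indicator list). The event field names (`ts`, `src_ip`, `user`, `outcome`), the thresholds, and the indicator list are all assumptions chosen for the illustration; the IP addresses are from the RFC 5737 documentation ranges and do not refer to real hosts.

```python
"""Toy SIEM correlation rules run over constructed log events (added example).

Use case 1: brute-force-then-success. Count failed logins per (src_ip, user)
            inside a sliding window; alert when a success follows >= threshold
            failures. Old failures outside the window are pruned so stale
            noise does not trigger the rule.
Use case 2: threat-intel match. Alert when an event's src_ip is in an
            indicator list, e.g. one fed from a threat-intelligence platform.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data). Field names are assumptions that
# mimic a normalized authentication log as a SIEM would store it.
SAMPLE_EVENTS = [
    # One old failure for alice, outside the 5-minute window: must be pruned.
    {"ts": "2024-01-05T09:50:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    # Five rapid failures, then a success: should raise one brute-force alert.
    {"ts": "2024-01-05T10:00:01", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-05T10:00:02", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-05T10:00:03", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-05T10:00:04", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-05T10:00:05", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"ts": "2024-01-05T10:00:10", "src_ip": "203.0.113.7", "user": "alice", "outcome": "success"},
    # Two failures then a success for bob: below threshold, no alert (typo-level noise).
    {"ts": "2024-01-05T10:01:00", "src_ip": "192.0.2.9", "user": "bob", "outcome": "failure"},
    {"ts": "2024-01-05T10:01:30", "src_ip": "192.0.2.9", "user": "bob", "outcome": "failure"},
    {"ts": "2024-01-05T10:02:00", "src_ip": "192.0.2.9", "user": "bob", "outcome": "success"},
    # A clean login from an IP that appears on the (constructed) indicator list.
    {"ts": "2024-01-05T10:03:00", "src_ip": "198.51.100.23", "user": "carol", "outcome": "success"},
]

# Constructed threat-intel indicator set (hypothetical; documentation-range IP).
THREAT_INTEL_IPS = {"198.51.100.23"}


def parse_ts(value):
    """Parse the ISO-8601 timestamp string used in the sample events."""
    return datetime.fromisoformat(value)


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures within window, then a success.

    Returns a list of alert dicts. Events are sorted by time first because
    log sources rarely deliver in strict order.
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    failures = defaultdict(deque)  # (src_ip, user) -> timestamps of recent failures
    alerts = []
    for event in ordered:
        key = (event["src_ip"], event["user"])
        now = parse_ts(event["ts"])
        recent = failures[key]
        # Sliding window: drop failures older than `window` relative to this event.
        while recent and now - recent[0] > window:
            recent.popleft()
        if event["outcome"] == "failure":
            recent.append(now)
        elif event["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "ts": event["ts"],
                "src_ip": event["src_ip"],
                "user": event["user"],
                "failed_attempts": len(recent),
            })
            recent.clear()  # one alert per burst, not one per later success
    return alerts


def threat_intel_match(events, indicators):
    """Correlation rule: source IP is a known indicator from threat intelligence."""
    return [
        {"rule": "threat_intel_match", "ts": e["ts"], "src_ip": e["src_ip"], "user": e["user"]}
        for e in events
        if e["src_ip"] in indicators
    ]


def run_rules(events, indicators=THREAT_INTEL_IPS):
    """Run every rule over the event stream and return all alerts."""
    return brute_force_then_success(events) + threat_intel_match(events, indicators)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(alert)
```

Running the block prints one brute-force alert for `alice` with `failed_attempts` equal to 5 (the 09:50 failure is outside the window and is not counted), no alert for `bob`, and one threat-intel alert for the login from `198.51.100.23`. In a real SIEM the same logic is expressed in the product's rule language (a Splunk search with `transaction` or `streamstats`, a Sigma rule compiled for the ELK stack, an OSSIM directive), but the design questions are identical: which fields key the correlation, how wide the window is, what the threshold is, and how to suppress duplicate alerts for one burst.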