This course helps learners understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the skills needed by a SOC Analyst at the associate level. Specifically, it covers basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.
Target Audience
Security Operations Center Security Analyst
Computer Network Defense Analyst
Computer Network Defense Infrastructure Support personnel
Future Incident Responders and Security Operations Center (SOC) personnel
Students beginning a career and entering the cybersecurity field
IT personnel looking to learn more about the area of cybersecurity operations
Cisco Channel Partners
Prerequisites
It is strongly recommended, but not required, that students have the following knowledge and skills:
Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts
Understanding Cisco Cybersecurity Fundamentals (SECFND)
Course Objectives
After completion of this course, students will be able to:
Define a SOC and the various job roles in a SOC
Understand SOC infrastructure tools and systems
Learn basic incident analysis for a threat-centric SOC
Explore resources available to assist with an investigation
Explain basic event correlation and normalization
Describe common attack vectors
Learn how to identify malicious activity
Understand the concept of a playbook
Describe and explain an incident response handbook
Define types of SOC Metrics
Understand SOC Workflow Management system and automation
Course Outline
Module 1: SOC Overview
Lesson 1: Defining the Security Operations Center
Lesson 2: Understanding NSM Tools and Data
Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
Lesson 4: Identifying Resources for Hunting Cyber Threats
Module 2: Security Incident Investigations
Lesson 1: Understanding Event Correlation and Normalization
Lesson 2: Identifying Common Attack Vectors
Lesson 3: Identifying Malicious Activity
Lesson 4: Identifying Patterns of Suspicious Behavior
Lesson 5: Conducting Security Incident Investigations
Module 3: SOC Operations
Lesson 1: Describing the SOC Playbook
Lesson 2: Understanding the SOC Metrics
Lesson 3: Understanding the SOC WMS and Automation
Lesson 4: Describing the Incident Response Plan
Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
Lesson 6: Appendix B—Understanding the use of VERIS
Labs:
Guided Lab 1: Explore Network Security Monitoring Tools
Discovery 1: Investigate Hacker Methodology
Discovery 2: Hunt Malicious Traffic
Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack
Discovery 4: Investigate Browser-Based Attacks
Discovery 5: Analyze Suspicious DNS Activity
Discovery 6: Investigate Suspicious Activity Using Security Onion
Discovery 7: Investigate Advanced Persistent Threats
Discovery 8: Explore SOC Playbooks
Note:
Learn for 365 Days!
We believe in a 365-day learning experience that begins immediately, regardless of when you attend your ILT course. At SLI, you get a range of learning opportunities, from instructor-led hands-on training, to self-directed, customizable learning paths based on your environment, your needs, and your level of experience. We provide the tools and options, and you decide what you need, when you need it, and how you want to learn it!
Immediate access to supplemental learning assets that are INCLUDED with your purchase of the above instructor-led training course:
365 Days of Access to SLI’s Entire Collaboration Video Reference Library (VRL), not just the 5-day class you sign up for (hundreds of searchable, on-demand learning bytes in 5-15-minute videos)
365 Days of Unlimited Access to Delta Sessions - What’s Not Covered in Class! (Version Upgrades, Industry Updates, Etc.)
365 Days of Unlimited 24x7 Access to SLI's Community - Collaborate with SLI Instructors and Other Members (Monitored Daily by SLI Instructors)
365 Days of Unlimited Access to Interactive neXTpertise Sessions and other IT Resources with SLI Instructors (featured hot topics, exam prep, etc.)
Unlimited Access to Hosted Webinars and All Previously Recorded Sessions
Unlimited Access to your Digital Courseware
Benefits:
Training that fits your needs (from high intensity to small learning bytes)
Build immediate competency - start at time of purchase!
Gain know-how and close skills gaps with limited work disruptions
Get quick answers to daily challenges - live interaction!
Important Note: All Sunset Learning Institute classes are taught in an instructor-led, live virtual environment. This price includes a facility fee of $300 to allow you to take it in a classroom-type environment. If you prefer to take the class from home, the $300 fee will be waived and refunded.
School Notes:
Important:
All Sunset Learning Institute classes are taught in an instructor-led, live virtual environment. This price includes a facility fee of $300 (except Reston, VA or Denver, CO) to allow you to take it in a classroom-type environment. If you prefer to take the class from home, the $300 fee will be waived and refunded.