Learning Objectives of C|SA
- Gain Knowledge Of SOC Processes, Procedures, Technologies, And Workflows.
- Gain A Basic Understanding And In-Depth Knowledge Of Security Threats, Attacks, Vulnerabilities, Attacker’s Behaviors, The Cyber Kill Chain, Etc.
- Able To Recognize Attacker Tools, Tactics, And Procedures To Identify Indicators Of Compromise (IOCs) That Can Be Utilized During Active And Future Investigations.
- Able To Monitor And Analyze Logs And Alerts From A Variety Of Different Technologies Across Multiple Platforms (IDS/IPS, Endpoint Protection, Servers, And Workstations).
- Gain Knowledge Of The Centralized Log Management (CLM) Process.
- Able To Perform Security Events And Log Collection, Monitoring, And Analysis.
- Gain Experience And Extensive Knowledge Of Security Information And Event Management.
- Gain Knowledge Of Administering SIEM Solutions (Splunk/AlienVault/OSSIM/ELK).
- Gain Hands-On Experience In The SIEM Use Case Development Process.
- Able To Develop Threat Cases (Correlation Rules), Create Reports, Etc.
- Learn Use Cases That Are Widely Used Across The SIEM Deployment.
- Plan, Organize, And Perform Threat Monitoring And Analysis In The Enterprise.
- Able To Monitor Emerging Threat Patterns And Perform Security Threat Analysis.
- Gain Hands-On Experience In The Alert Triaging Process.
- Able To Escalate Incidents To Appropriate Teams For Additional Assistance.
- Able To Use A Service Desk Ticketing System.
- Able To Prepare Briefings And Reports Of Analysis Methodology And Results.
- Gain Knowledge Of Integrating Threat Intelligence Into SIEM For Enhanced Incident Detection And Response.
- Able To Make Use Of Varied, Disparate, Constantly Changing Threat Information.
- Gain Knowledge Of The Incident Response Process.
- Gain Understanding Of SOC And IRT Collaboration For Better Incident Response.