Combat Modern Cyber Threats: Get Certified as a SOC Analyst with EC-Council.

According to the 2025 SANS SOC Survey, 82% of SOCs are operational 24/7 which highlights the need for continuous monitoring and response. 

The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.

The program focuses on creating new career opportunities through extensive, meticulous knowledge on:

  • End-to-End SOC workflow
  • Incident Detection with SIEM
  • Incident Detection with Threat Intelligence
  • Understanding of SIEM Deployment

Overview

Become a Cyber First Responder – Monitor, Detect, Prevent and Document Cyber Incidents.

CSA thoroughly covers the fundamentals of SOC operations, before relaying the knowledge of log management and correlation, SIEM deployment, advanced incident detection, and incident response. Additionally, the candidate will learn to manage various SOC  processes and collaborate with CSIRT at the time of need.

As the security landscape is expanding, a SOC team offers high-quality IT-security services to detect potential cyber threats and attacks actively and quickly respond to security incidents. Organizations need skilled SOC Analyst who can serve as the front-line defenders, warning other professionals of emerging and present cyber threats.

  • The lab-intensive SOC analyst certification program emphasizes the holistic approach to deliver elementary as well as advanced knowledge of how to identity and validate intrusion attempts.
  • Through this, the candidate will learn to use SIEM solutions and predictive capabilities using threat intelligence.
  • The program also introduces the practical aspect of SIEM using advanced and the most frequently used tools.
  • The candidate will learn to perform enhanced threat detection using the predictive capabilities of Threat Intelligence.

Explore more about cybersecurity certifications with our cybersecurity training and certifications guide.

Skills Covered

  • Gain Knowledge Of SOC Processes, Procedures, Technologies, And Workflows Is
  • Gain A Basic Understanding And In-Depth Knowledge Of Security Threats, Attacks, Vulnerabilities, Attacker’s Behaviors, Cyber Killchain, Etc.
  • Able To Recognize Attacker Tools, Tactics, And Procedures To Identify Indicators Of Compromise (10Cs) That Can Be Utilized During Active And Future Investigations
  • Able To Monitor And Analyze Logs And Alerts From A Variety Of Different Technologies Across Multiple Platforms (IDS/IPS, End-Point Protection, Servers, And Workstations).
  • Gain Knowledge Of The Centralized Log Management (CLM) Process.
  • Able To Perform Security Events And Log Collection, Monitoring, And Analysis.
  • Gain Experience And Extensive Knowledge Of Security Information And Event Management.
  • Gain Knowledge Of Administering SIEM Solutions (Splunk/AlienVault/OSSIM/ELK)
  • Gain Knowledge Of Administering SIEM Solutions (Splunk/Alien/ault/OSSIM/ELK),
  • Gain Hands-On Experience In SIEM Use Case Development Process.
  • Able To Develop Threat Cases (Correlation Rules), Create Reports, Etc.
  • Learn Use Cases That Are Widely Used Across The SIEM Deployment.
  • Plan, Organize, And Perform Threat Monitoring And Analysis In The Enterprise.
  • Able To Monitor Emerging Threat Patterns And Perform Security Threat Analysis.
  • Gain Hands-On Experience In The Alert Triaging Process.
  • Able To Escalate Incidents To Appropriate Teams For Additional Assistance.
  • Able To Use A Service Desk Ticketing System.
  • Able To Prepare Briefings And Reports Of Analysis Methodology And Results.
  • Gain Knowledge Of Integrating Threat Intelligence Into SIEM For Enhanced Incident Detection And Response.
  • Able To Make Use Of Varied, Disparate, Constantly Changing Threat Information.
  • Gain Knowledge Of Incident Response Process.
  • Gain Understating Of SOC And IRT Collaboration For Better Incident Response.

Prerequisites

There are no prerequisites required to attend this course.

Target Audience

  • SOC Analysts (Tier I and Tier II)
  • Network and Security Administrators, Network and Security Engineers, Networks Defense Analysts, Network Defense Technicians, Network Security Specialist, Network Security Operator, and any security professional handling network security operations
  • Cybersecurity Analysts
  • Entry-level cybersecurity professionals
  • Anyone who wants to become a SOC Analysts

Course Curriculum

Module 00: SOC Essential Concepts

  • Computer Network Fundamentals
  • TCP/IP Protocol Suite
  • Application Layer Protocols
  • Transport Layer Protocols
  • Internet Layer Protocols
  • Link Layer Protocols
  • IP Addressing and Port Numbers
  • Network Security Controls
  • Network Security Devices
  • Windows Security
  • Unix/Linux Security
  • Web Application Fundamentals
  • Information Security Standards, Laws and Acts

Module 01: Security Operations and Management

  • Security Management
  • Security Operations
  • Security Operations Center (SOC)
  • Need of SOC
  • SOC Capabilities
  • SOC Operations
  • SOC Workflow
  • Components of SOC: People, Process and Technology
  • People
  • Technology
  • Processes
  • Types of SOC Models
  • SOC Maturity Models
  • SOC Generations
  • SOC Implementation
  • SOC Key Performance Indicators (KPI) and Metrics
  • Challenges in Implementation of SOC
  • Best Practices for Running SOC
  • SOC vs NOC

Module 02: Understanding Cyber Threats, IoCs, and Attack Methodology

  • Cyber Threats
  • Intent-Motive-Goal
  • Tactics-Techniques-Procedures (TTPs)
  • Opportunity-Vulnerability-Weakness
  • Network Level Attacks
  • Host Level Attacks
  • Application Level Attacks
  • Email Security Threats
  • Understanding Indicators of Compromise (IoCs)
  • Understanding Attacker’s Hacking Methodology
  • Exercise 1: Application Level Threats: Understanding the Working of SQL Injection
    Attacks
  • Exercise 2: Application Level Threats: Understanding the Working of XSS Attacks
  • Exercise 3: Network Level Threats: Understanding the Working of Network
    Scanning Attacks
  • Exercise 4: Host Level Threats: Understanding the Working of Brute Force Attacks

Module 03: Incidents, Events, and Logging

  • Incident
  • Event
  • Log
  • Typical Log Sources
  • Need of Log
  • Logging Requirements
  • Typical Log Format
  • Logging Approaches
  • Local Logging
  • Centralized Logging
  • Exercise 1: Local Logging: Configuring, Monitoring, and Analyzing Windows Logs
  • Exercise 2: Local Logging: Configuring, Monitoring, and Analyzing IIS Logs
  • Exercise 3: Local Logging: Configuring, Monitoring, and Analyzing Snort IDS Logs
  • Exercise 4: Centralized Logging: Collecting Logs from Different Devices into
    Centralized Location

Module 04: Incident Detection with Security Information and Event Management (SIEM)

  • Security Information and Event Management(SIEM)
  • Security Analytics
  • Need of SIEM
  • Typical SIEM Capabilities
  • SIEM Architecture and Its Components
  • SIEM Solutions
  • SIEM Deployment
  • Incident Detection with SIEM
  • Examples of commonly Used Use Cases Across all SIEM deployments
  • Handling Alert Triaging and Analysis
  • Exercise 1: Creating Splunk Use Case and Generating Alerts for Brute-force
    Attempts
  • Exercise 2: Creating Splunk Use Case and Generating Alerts for SQL Injection
    Attempts
  • Exercise 3: Creating Splunk Use Case and Generating Alerts for XSS Attempts
  • Exercise 4: Creating Splunk Use Case and Generating Alerts for Network Scanning
    Attempts
  • Exercise 5: Creating Splunk Use Case for Registry Monitoring
  • Exercise 6: Creating Splunk Use Case for Monitoring Insecure Ports and Services

Module 05: Enhanced Incident Detection with Threat Intelligence

  • Understanding Cyber Threat Intelligence
  • Why Threat Intelligence-driven SOC?
  • Exercise 1: Integrating IoCs into ELK Stack
  • Exercise 2: Integrating OTX Threat Data in OSSIM
  • Exercise 3: Integrating Threat Intelligence Capability of OSSIM

Module 06: Incident Response

  • Incident Response
  • Incident Response Team (IRT)
  • Where Does IRT Fits in the Organization?
  • SOC and IRT Collaboration
  • Incident Response (IR) Process Overview
  • Step 1: Preparation for Incident Response
  • Step 2: Incident Recording and Assignment
  • Step 3: Incident Triage
  • Step 4: Notification
  • Step 5: Containment
  • Step 6: Evidence Gathering and Forensic Analysis
  • Step 7: Eradication
  • Step 8: Recovery
  • Step 9: Post-Incident Activities
  • Responding to Network Security Incidents
  • Responding to Application Security Incidents
  • Responding to Email Security Incidents
  • Responding to an Insider Incidents
  • Responding to Malware incidents
  • Exercise 1: Generating Tickets for Incidents
  • Exercise 2: Containing Data Loss Incidents
  • Exercise 3: Eradicating SQL injection and XSS Incidents
  • Exercise 4: Recovering from Data Loss Incidents
  • Exercise 5: Reporting an Incident

Dates & Locations

Let’s make it work for you

Can’t find a date that fits? Need to train your whole team? Looking for a discount?
Speak to one of our learning experts today.

x Clear all selections

June 17, 2026 - June 19, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC
Exam:
Included
RM 4700

June 17, 2026 - June 19, 2026

Location: Online
Modal: VILT
Availability: TBC
Exam:
Included
RM 4700

September 28, 2026 - September 30, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC
Exam:
Included
RM 4700

September 28, 2026 - September 30, 2026

Location: Online
Modal: VILT
Availability: TBC
Exam:
Included
RM 4700

December 21, 2026 - December 23, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC
Exam:
Included
RM 4700

December 21, 2026 - December 23, 2026

Location: Online
Modal: VILT
Availability: TBC
Exam:
Included
RM 4700
Trainocate exam and cert

Exam & Certification

The CSA exam is designed to test and validate a candidate’s comprehensive understanding of the job tasks required as a SOC analyst. Thereby, validating their comprehensive understanding of a complete  SOC workflow.

Exam Eligibility Requirement

The CSA program requires a candidate to have one year of work experience in the Network Admin/Security domain and should be able to provide proof of the same as validated through the application process unless the candidate attends official training.

Training & Certification Guide

In order to maintain the high integrity of our certification exams, EC-Council Exams are provided in multiple forms (i.e., different question banks).

Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only have academic rigor but also have “real world” applicability.

We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form.

To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.

  • Exam code: 312-39
  • Number of Questions: 100
  • Exam Title: Certified SOC Analyst
  • Test Duration: 3 Hours
  • Test Format: Multiple Choice
  • Availability: EC-Council Exam Portal

CEH: Certified Ethical Hacker v13 – Elite

Certified Ethical Hacker CEH v12 will teach you the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to lawfully hack an organization.

CHFI: Computer Hacking Forensic Investigator

EC-Council’s Certified Hacking Forensic Investigator (CHFI) is the only comprehensive ANSI accredited, lab-focused program in the market that gives organizations vendor-neutral training in digital forensics

CND: Certified Network Defender

Learn the skills that matter! EC-Council’s vendor-neutral network security certifications provide an unbiased approach to learning secure networking practices, as well as how to analyze and harden computing systems prevalent in the current IT infrastructure.

CPENT: Certified Penetration Testing Professional

EC-Council’s Certified Penetration Tester (CPENT) program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended.

Frequently Asked Questions

A SOC Analyst is a frontline cyber defense professional. They work within a Security Operations Center to detect, analyze, investigate, and respond to cybersecurity incidents in real-time. SOC Analysts protect organizations from a wide range of threats through continuous monitoring, threat intelligence, and incident response.

  • Skill Validation: The CSA certification demonstrates your knowledge and ability to effectively perform the duties of a SOC analyst.
  • Career Growth: Cybersecurity Ventures predicts 3.5 million global cybersecurity job openings by 2025 – SOC analysts are an essential part of filling that gap.
  • Increased Earning Potential: Certified cybersecurity professionals often command higher salaries than their non-certified counterparts.

The CSA exam focuses on key domains including:

  • Security Operations and Monitoring
  • Incident Detection & Response
  • Threat Intelligence
  • Vulnerability Management
  • Log Analysis and SIEM tools
  • Compliance and Risk Management

The CSA certification prepares you for a variety of job roles within cybersecurity, including:

  • SOC Analyst (Tier 1, Tier 2, Tier 3)
  • Security Analyst
  • Incident Responder
  • Threat Hunter
  • Security Engineer (with additional experience)

Salary ranges for SOC Analysts vary depending on location, experience, and specific industry. However, certified SOC Analysts generally command higher salaries. According to resources like ZipRecruiter and Glassdoor, average salaries in certain regions can range from $75,000 to over $100,000 annually.

  • Strong analytical and problem-solving skills
  • Effective communication (both written and verbal)
  • The ability to work independently and as part of a team.
  • A passion for continuous learning in the ever-evolving cybersecurity landscape.

Do explore our list of soft skills courses to complement your tech skills.

Speak to a Training Consultant

All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631

Preferred mode of training
Checkboxes