Security Operations Center (SOC) Analyst 1
In the Security Operations Center (SOC) Analyst 1 role or Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time triaging or monitoring the event logs and alerts.
The responsibilities of a Junior Security Analyst or Tier 1 SOC Analyst include the following:
- Monitor and investigate alerts (most of the time, it’s a 24×7 SOC operations environment)
- Configure and manage security tools
- Develop and implement IDS signatures
- Escalate the security incidents to the Tier 2 and Team Lead if needed
Junior Security Analyst Intro
Pyramid Of Pain
Cyber Kill Chain
Unified Kill Chain
Diamond Model
MITRE
Summit
Eviction
Section 2 – Cyber Threat Intelligence
Intro to Cyber Threat Intel
Threat Intelligence Tools
Yara
OpenCTI
MISP
Friday Overtime
Trooper
Section 3 – Network Security and Traffic Analysis
Traffic Analysis Essentials
Snort
Snort Challenge – The Basics
Snort Challenge – Live Attacks
NetworkMiner
Zeek
Zeek Exercises
Brim
Wireshark: The Basics
Wireshark: Packet Operations
Wireshark: Traffic Analysis
TShark: The Basics
TShark: CLI Wireshark Features
TShark Challenge I: Teamwork
TShark Challenge II: Directory
Section 4 – Endpoint Security Monitoring
Intro to Endpoint Security
Core Windows Processes
Sysinternals
Windows Event Logs
Sysmon
Osquery: The Basics
Wazuh
Monday Monitor
Retracted
Section 5 – Security Information and Event Management
Introduction to SIEM
Investigating with ELK 101
ItsyBitsy
Splunk: Basics
Incident handling with Splunk
Investigating with Splunk
Benign
Section 6 – Digital Forensics and Incident Response
DFIR: An Introduction
Windows Forensics 1
Windows Forensics 2
Linux Forensics
Autopsy
Redline
KAPE
Volatility
Velociraptor
TheHive Project
Intro to Malware Analysis
Unattended
Disgruntled
Critical
Secret Recipe
Section 7 – Phishing
Phishing Analysis Fundamentals
Phishing Emails in Action
Phishing Analysis Tools
Phishing Prevention
The Greenholt Phish
Snapped Phish-ing Line
Section 8 – SOC Level 1 Capstone Challenges
Tempest
Boogeyman 1
Boogeyman 2
Boogeyman 3
Security Operations Center (SOC) Analyst 2
- The Security Operations Center (SOC) Analyst 2 or Senior Cyber Security Analyst role aims to help you succeed in your SOC career.
- It will help you transition into a Level 2 position or strengthen the core technical skills you need to perform well in your current position, using hands-on, practical, and realistic scenarios.
- Through realistic scenarios, you will practice log analysis in-depth and acquire hands-on experience using various SIEM platforms.
- The path will also cover detection engineering topics, allowing you to troubleshoot and fix detection, alerting, and logging issues.
- Finally, you will learn essential technical skills to perform advanced Blue Teaming tasks, such as threat hunting and emulation, incident response, and malware analysis.
Section 1 – Log Analysis
Intro to Logs
Log Operations
Intro to Log Analysis
Section 2 – Advanced Splunk
Splunk: Exploring SPL
Splunk: Setting up a SOC Lab
Splunk: Dashboards and Reports
Splunk: Data Manipulation
Fixit
Section 3 – Advanced ELK
Logstash: Data Processing Unit
Custom Alert Rules in Wazuh
Advanced ELK Queries
Slingshot
Section 4 – Detection Engineering
Intro to Detection Engineering
Tactical Detection
Threat Intelligence for SOC
Sigma
SigHunt
Aurora EDR
SOAR
Section 5 – Threat Hunting
Threat Hunting: Introduction
Threat Hunting: Foothold
Threat Hunting: Pivoting
Threat Hunting: Endgame
Hunt Me I: Payment Collectors
Hunt Me II: Typo Squatters
Section 6 – Threat Emulation
Intro to Threat Emulation
Threat Modelling
Atomic Red Team
CALDERA
Atomic Bird Goes Purple #1
Atomic Bird Goes Purple #2
Section 7 – Incident Response
Preparation
Identification & Scoping
Threat Intel & Containment
Eradication & Remediation
Lessons Learned
Tardigrade
Section 8 – Malware Analysis
x86 Architecture Overview
x86 Assembly Crash Course
Windows Internals
Dissecting PE Headers
Basic Static Analysis
MalBuster
Advanced Static Analysis
Basic Dynamic Analysis
Dynamic Analysis: Debugging
Anti-Reverse Engineering
MalDoc: Static Analysis
Certified Ethical Hacker
The Certified Ethical Hacker training program includes 20 modules covering various technologies, tactics, and procedures, providing prospective ethical hackers with the core knowledge needed to thrive in cybersecurity. It continues to evolve to keep up with the latest OS, exploits, tools, and techniques. The concepts covered in the training program are split 50/50 between knowledge-based training and hands-on application through our cyber range. Every tactic discussed in training is backed by step-by-step labs conducted in a virtualized environment with live targets, live tools, and vulnerable systems. Through our lab technology, every participant will have comprehensive hands-on practice to learn and apply their knowledge.
Module 1 – Introduction to Ethical Hacking
Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
Module 2 – Footprinting and Reconnaissance
Learn how to use the latest techniques and tools to perform footprinting and reconnaissance, a critical pre-attack phase of the ethical hacking process.
Module 3 – Scanning Networks
Learn different network scanning techniques and countermeasures.
Module 4 – Enumeration
Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File System (NFS) exploits, and associated countermeasures.
Module 5 – Vulnerability Analysis
Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems, along with the different types of vulnerability assessment and vulnerability assessment tools.
Module 6 – System Hacking
Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering tracks—used to discover system and network vulnerabilities.
Module 7 – Malware Threats
Learn about different types of malware (Trojans, viruses, worms, etc.), APTs and fileless malware, the malware analysis procedure, and malware countermeasures.
Module 8 – Sniffing
Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.
Module 9 – Social Engineering
Learn social engineering concepts and techniques, including how to identify identity theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.
Module 10 – Denial-of-Service
Learn about different Denial-of-Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.
Module 11 – Session Hijacking
Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses, and the associated countermeasures.
Module 12 – Evading IDS, Firewalls, and Honeypots
Get introduced to firewall, intrusion detection system (IDS), and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.
Module 13 – Hacking Web Servers
Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures, and countermeasures.
Module 14 – Hacking Web Applications
Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications, and countermeasures.
Module 15 – SQL Injection
Learn about SQL injection attacks, evasion techniques, and SQL injection countermeasures.
Module 16 – Hacking Wireless Networks
Understand different types of wireless technologies, including encryption, threats, hacking methodologies, hacking tools, Wi-Fi security tools, and countermeasures.
Module 17 – Hacking Mobile Platforms
Learn about mobile platform attack vectors, Android and iOS hacking, mobile device management, mobile security guidelines, and security tools.
Module 18 – IoT and OT Hacking
Learn about different types of IoT and OT attacks, hacking methodology, hacking tools, and countermeasures.
Module 19 – Cloud Computing
Learn different cloud computing concepts, such as container technologies and serverless computing, various cloud computing threats and attacks, hacking methodology, and cloud security techniques and tools.
Module 20 – Cryptography
Learn about encryption algorithms, cryptography tools, Public Key Infrastructure (PKI), email encryption, disk encryption, cryptographic attacks, and cryptanalysis tools.
Splunk Admin and Developer
Name of Trainer – Dr. Kumar
- Qualification of Trainer – Ph.D. in Cyber Security
- Total Work Experience – 13 Years
- Total No. of Trainings Conducted till date – 30+
- Duration – 32 Hrs. Training + 1 Hr. MCQ Test + 1 Hr. Practical Test = 34 Hrs.
- Hardware Requirement –
  - 4 Virtual Machines with Windows 10 or later O.S., each with at least an i3 processor, 30 GB hard disk, and 8 GB RAM
  - 1 Virtual Machine with Ubuntu 18.04 O.S., with at least an i3 processor, 20 GB hard disk, and 4 GB RAM
- Software Requirement – Splunk Enterprise Software 9.x, Foxit Reader, Mozilla Firefox
Course Content
- Duration of Course – 32 Hrs. Training + 1 Hr. MCQ Test + 1 Hr. Practical Test = 34 Hrs.
(4 Hrs.)
Module 1 – Introducing Splunk
- Understand the uses of Splunk
- Define Splunk Apps
- Learn basic navigation in Splunk
Module 2 – Various Certifications of Splunk and their cost
- Eligibility criteria for Splunk Certification
- Cost of Splunk Certification
Module 3 – Setting up Splunk
- Configuring Splunk
- Installation of Splunk
Module 4 – Licensing in Splunk
- Splunk License Types
- License Master
- License Slave
- License Master/Slave relationship or License Pool
(4 Hrs.)
Module 5 – Searching
- Run basic searches
- Use auto-complete to help build a search
- Set the time range of a search
- Identify the contents of search results
- Refine searches
- Use the timeline
- Work with events
- Control a search job
- Save search results
Module 6 – Using Fields in Searching
- Understand fields
- Use fields in searches
- Use the fields sidebar
- Use search modes (fast, verbose, and smart)
Module 7 – Create Reports
- Save a search as a report
- Edit reports
- Create reports that display statistics (tables)
- Create reports that display visualizations (charts)
Module 8 – Create Dashboards
- Create a dashboard
- Add a report to a dashboard
- Add panel to a dashboard
- Edit a dashboard
- Create Interactive dashboard
- Create Cascade dashboard
(4 Hrs.)
Module 9 – Splunk’s Search Language Fundamentals
- Understand the search pipeline
- Understand search syntax concepts
- Use the following commands to perform searches: table, rename, fields, dedup, sort
Module 10 – Using basic Transforming Commands
- The top command
- The rare command
- The stats command
Module 11 – Creating and Using Lookups
- Describe lookups
- Examine a lookup file example
- Create a lookup file and create a lookup definition
- Use the lookup in searches
Module 12 – Creating Alerts and Scheduled Reports
- Describe scheduled reports
- Configure scheduled reports
- Describe alerts
- Create alerts
- View fired alerts
(4 Hrs.)
Module 13 – Creating Data Models
- Describe the relationship between data models and pivot
- Identify data model attributes
- Create a data model
- Use a data model in pivot
Module 14 – Beyond Search Fundamentals
- Search fundamentals review
- Case sensitivity
- Using the job inspector to view search performance
Module 15 – Using Transforming Commands for Visualizations
- Explore data structure requirements
- Explore visualization types
- Create and format charts and time charts
Module 16 – Filtering and Formatting Results
- The eval command
- Using the search and where commands to filter results
- The fillnull command
(4 Hrs.)
Module 17 – Introduction to Knowledge Objects
- Identify naming conventions
- Review permissions
- Manage knowledge objects
Module 18 – Creating and Managing Fields
- Perform regex field extractions using the Field Extractor (FX)
- Perform delimiter field extractions using the FX
Module 19 – Creating Field Aliases and Calculated Fields
- Describe, create, and use field aliases
- Describe, create and use calculated fields
Module 20 – Creating Tags and Event Types
- Create and use tags
- Describe event types and their uses
- Create an event type
(8 Hrs.)
Module 21 – Creating and Using Macros
- Describe macros
- Create and use a basic macro
- Define arguments and variables for a macro
- Add and use arguments with a macro
Module 22 – Creating and Using Workflow Actions
- Describe the function of GET and Search workflow actions
- Create a GET workflow action
- Create a Search workflow action
Module 23 – Adding Data to Splunk with the Universal Forwarder
- Use of the Universal Forwarder
- Install and configure the Universal Forwarder on an Ubuntu Linux system
- Add data to Splunk via the Universal Forwarder
Module 24 – Adding Data to Splunk with the HTTP Event Collector
- Use of the HTTP Event Collector
- Install and configure the HTTP Event Collector on an Ubuntu Linux system
- Add data to Splunk via the HTTP Event Collector
(4 Hrs.)
Module 25 – Clustering
- Need for Clustering
- Indexer Clustering
- Search Head Clustering
Module 26 – Splunk Distributed Deployment
- Create Non-Clustered Distributed Deployment
- Create Clustered Distributed Deployment
- Difference between Non-Clustered and Clustered Distributed Deployment
- Indexer Clustering
- Search Head Clustering
Module 27 – Diag
- Use of Diag
- Create Diag using Splunk Web UI
- Create Diag using Command Line
(4 Hrs.)
Module 28 – Common Information Model
- Use of CIM
- Create CIM
Module 29 – Use Cases in Splunk