C|SA | Certified SOC Analyst
- 02 April 2025
- Duration: 24 weeks
- 01 June 2026
- Duration: 36 weeks
Master the Skills of a Modern SOC Analyst (C|SA) Program
The Certified SOC Analyst (C|SA v2) program is a comprehensive, job-ready certification that prepares you to detect, investigate, and respond to cybersecurity threats in Security Operations Centers (SOCs). With strong coverage of SIEM, threat intelligence, proactive detection, and AI-driven automation, this program gives you the practical expertise to run modern SOC operations at Levels 1, 2, and even 3.
Key Features & Benefits
Globally recognized, ANAB-accredited certification
Approved by U.S. DoD 8140 / 8570 and mapped to NICE Cybersecurity Workforce Framework
Covers SOC levels L1–L3, including advanced detection and response workflows
Strong focus on SIEM use cases – 350+ use cases across ArcSight, QRadar, Splunk, LogRhythm, Elastic
Hands-on training – 50+ labs, 120+ SOC tools, with over 50% of the course dedicated to labs
AI-powered SOC skills – leverage Splunk AI, Elastic AI, ChatGPT, Copilot, and PowerShell AI for detection and hunting
Covers on-premises and cloud SOC – AWS, Azure, GCP monitoring and response
Job-ready design – built with industry SMEs to match SOC Analyst job tasks (L1, L2, L3)
Course Outline
Module 01
Security Operations and Management
Learn how a Security Operations Center (SOC) works, its role in protecting organizations, and the people, processes, and technologies behind it.
Explore a SOC environment, review SOC roles and workflows, and simulate monitoring activities.
Key topics covered: SOC structures (in-house, outsourced, hybrid), SOC maturity models, KPIs, security management processes, and challenges in SOC operations.
Module 02
Understanding Cyber Threats, IoCs, and Attack Methodology
Understand how attackers operate, the techniques they use, and how to recognize the warning signs they leave behind.
Identify IoCs from sample attack scenarios and analyze threat intelligence reports.
Key topics covered: Common cyberattacks, attacker tactics and procedures (TTPs), Indicators of Compromise (IoCs), and frameworks like MITRE ATT&CK and Cyber Kill Chain.
Module 03
Log Management
Learn how to collect, manage, and analyze logs that provide critical evidence for detecting attacks.
Collect and analyze logs from multiple systems, configure centralized log management, and detect suspicious activity in log data.
Key topics covered: Log sources (Windows, Linux, firewall, IDS/IPS, databases, applications), centralized log management, parsing, normalization, and correlation.
Module 04
Incident Detection and Triage
Detect and prioritize security incidents quickly using SIEM and triage methods.
Configure SIEM rules, triage alerts, investigate anomalies, and generate incident reports.
Key topics covered: SIEM concepts, SIEM solutions (Splunk, QRadar, ArcSight, Elastic, LogRhythm), deployment strategies, use case development, alert management, dashboards, and reporting.
Module 05
Proactive Threat Detection
Go beyond reactive monitoring by using threat intelligence and hunting to anticipate attacks.
Perform threat hunting exercises, create YARA rules, use PowerShell for hunting, and apply AI-based hunting tools.
Key topics covered: Threat intelligence lifecycle, OSINT, threat hunting frameworks, proactive defense strategies, and AI-driven hunting methods.
Module 06
Incident Response
Master the structured approach to containing, eradicating, and recovering from incidents.
Use a ticketing system to document incidents, follow an incident playbook, and simulate containment and recovery.
Key topics covered: Incident response lifecycle, ticketing systems, severity classification, SOC and IRT collaboration, playbooks, and SOAR automation.
Module 07
Forensics Investigation and Malware Analysis
Learn how to preserve digital evidence, investigate incidents, and analyze malware behavior.
Perform forensic memory analysis, analyze malware samples, and use sandbox environments to study malicious behavior.
Key topics covered: Forensic investigation methodology, evidence collection, static and dynamic malware analysis, forensic tools (Volatility, Redline, ANY.RUN).
Module 08
SOC for Cloud Environments
Discover how SOC analysts monitor and respond to threats in cloud environments like AWS, Azure, and Google Cloud.
Configure cloud-native monitoring tools, analyze cloud logs, and investigate a simulated cloud attack.
Key topics covered: Cloud SOC challenges, monitoring strategies, native cloud tools (Microsoft Sentinel, AWS GuardDuty, Google Chronicle), compliance requirements, and cloud forensics.
Training Prerequisites
Core Knowledge
Basic understanding of computer networks and how they function.
Familiarity with cybersecurity concepts such as threats, vulnerabilities, and risk management.
Awareness of the role of a Security Operations Center (SOC) in defending organizations.
Technical Skills
Knowledge of IP addressing, routing, and core network protocols (TCP/IP, DNS, DHCP, ARP, ICMP).
Ability to use basic network troubleshooting tools (ping, traceroute, nslookup, netstat).
Understanding of common attack types (malware, phishing, denial of service, insider threats).
OS & Tools
Comfortable using Windows and Linux operating systems.
Ability to install software packages and use command-line tools.
Basic knowledge of file systems, permissions, and user management.
Familiarity with security tools (firewalls, IDS/IPS, or SIEM solutions) is recommended but not mandatory.
Training & Register Details
TRAINING OVERVIEW
Certified SOC Analyst v2
Equip your team to detect, investigate, and stop cyber threats
Training Duration: 3 days (24 hours)
Format: Instructor-Led Online
Level: Intermediate
Language: Ukrainian
Materials: English | 24 months valid
Labs: 24/7 access for 180 days
Exam Attempts: 1 offline
Certification: INCLUDED
HOW TO REGISTER
1. Submit Your Application
Basic understanding of computer networks and protocols.
2. Intro Call
We’ll schedule a short call to learn more about your goals and expectations.
3. Confirm Your Spot
Get accepted and complete the paperwork. We’ll send you all the info you need.
4. Start Learning
Access your learning platform and get familiar with the materials.
5. Join the Community
Get access to the student chat, events, and mentorship opportunities.
Who is CSA for?
Aspiring SOC Analysts
Gain the essential skills to start your career in Security Operations Centers with hands-on training and certification.
SOC Teams & Enterprises
Enhance detection, investigation, and response capabilities to strengthen your organization’s security posture.
Government & Defense
Trusted by agencies worldwide to build skilled SOC professionals for national and critical infrastructure protection.
Educators & Trainers
Integrate globally recognized SOC training into academic programs and professional cybersecurity courses.
FAQ
What is C|SA v2?
C|SA v2 is EC-Council’s globally recognized certification that trains you in the skills needed to detect, investigate, and respond to cybersecurity threats in a Security Operations Center (SOC).
Who should take this course?
The course is designed for aspiring SOC analysts, cybersecurity professionals, SOC teams, government agencies, and educators who want to build or strengthen SOC capabilities.
Do I need prior experience?
Yes, a basic understanding of networks, operating systems, and cybersecurity concepts is recommended. Familiarity with tools like firewalls, IDS/IPS, or SIEM is helpful but not mandatory.
How practical is the training?
Very practical — with 50+ hands-on labs and 120+ tools, over half of the training time is spent practicing real SOC tasks in simulated environments.
What certification will I receive?
After completing the training and passing the exam (312-39), you will earn the Certified SOC Analyst (C|SA v2) certification, accredited by ANSI/ANAB and recognized worldwide.
What are the exam details?
The exam has 100 multiple-choice questions, lasts 3 hours, and is delivered online via the EC-Council exam portal.
