About this course
With cyber attacks on the rise, more and more organizations are investing in their own Security Operations Centers (SOC). SOC analysts are responsible for monitoring the company's infrastructure around the clock, using SIEM tools to detect and mitigate potential attacks.
This course is for college students who are interested in the field of cyber security. Experienced professionals who want to switch to the in-demand field of cyber security can also benefit from this training course.
Number of jobs in the U.S. – 49,000+ (Source: LinkedIn)
U.S. National Average salary – $107,172/year (Source: ZipRecruiter)
This course covers everything from the basics to a comprehensive overview of the technologies and related architecture used in a Security Operations Center (SOC). It will arm you with the skills needed to identify security events and respond to incidents in a SOC environment.
Prerequisite – None required. Basic knowledge of Windows helpful.
Introduction to Security Operations Center (SOC) (4 hours)
• What is a SOC
• Red vs. Blue Teams
• Cyber kill chain
• MITRE ATT&CK framework
• Roles and responsibilities of a SOC
Ethical Hacking Basics (10 hours)
• Nmap
• Hacking stages
• Types of hackers
• Web application security
• Roles and responsibilities of a SOC
• Types of malware
• Ransomware and security measures
SIEM (4 hours)
• What is SIEM
• ArcSight architecture and its components
• Introduction to Collector
• Introduction to ESM
QRADAR Components Configuration (4 hours)
• System requirements (OS, DB, hardware specs)
• Installation of QRADAR
• QRADAR user management
SIEM Console Navigation (4 hours)
• Filters
• Index management
• Advanced searches
Logger and its components (4 hours)
• Overview of Collectors
• Logger workflow to receive events
• Device groups
• Reports and dashboard creation in Logger
• Event searching
• Scheduling tasks
• Alert notification and its limitations
• Using Logger for investigation
Content Management (4 hours)
• Use cases
• Hidden features in QRADAR to create rules (Local variable, Active List)
• Dashboards
• Reports
• Sample creation of use cases
• Sample creation of dashboards
• Sample creation of reports
Using QRADAR for Offense Investigations (4 hours)
• Alert mechanism and reporting overview
• Identifying alerts and responding to them
• Using the search mechanism for quick investigation
• QRADAR techniques for quick alert investigation
• Using Active channels and Logger queries as part of an investigation
• Using reports and dashboards in QRADAR for trend analysis
• Correlating multiple device logs for decision making on triggered alerts
• Trend analysis using reports and dashboards
• Sample investigation of triggered alerts
Making the most out of QRADAR (4 hours)
• Device integration overview
• Automating compliance alerts
• Using search mechanisms for quick investigation
• Quick investigation shortcuts
• Cheat sheet for QRADAR troubleshooting
• Log stoppage alerts and troubleshooting