Program Highlights
The Certified SOC Analyst V2 (CSA V2) Training from InfosecTrain provides a complete foundation for working in a modern Security Operations Center (SOC). Updated for 2026, the program aligns with EC-Council’s latest CSA V2 syllabus and equips learners with hands-on skills in SOC monitoring, SIEM operations, log analysis, threat intelligence, alert triage, and incident response workflows.
This practitioner-led, beginner-friendly course integrates real-time SOC simulations, AI-supported detection techniques, MITRE ATT&CK mapping, and guided investigation scenarios, preparing participants to confidently perform SOC L1 duties and clear the CSA V2 certification exam.
24 Hours of Instructor-led Training
Learn from Certified SOC, DFIR & Threat Intelligence Specialists
Real-time SIEM Labs using tools like Splunk, ELK, and QRadar
Hands-on Log Analysis, Alert Triage & Threat Detection Exercises
MITRE ATT&CK, Cyber Kill Chain & Use Case Mapping
SOC Reporting, Ticketing & Investigation Documentation
Interview Preparation for SOC Analyst Jobs (L1–L2)
Post-training Doubt Clearing & Mentorship Support
Access to Recorded Sessions
Why Choose Our Corporate Training Solution
- Upskill your team on the latest tech
- Highly customized solutions
- Free Training Needs Analysis
- Skill-specific training delivery
- Secure your organization inside-out
Why Choose 1-on-1 Training
- Get personalized attention
- Customized content
- Learn at your dedicated hour
- Instant clarification of doubt
- Guaranteed to run
The Certified SOC Analyst (CSA V2) Training from InfosecTrain is structured to help newcomers and early-career security professionals build the exact skills demanded by modern SOC teams. Based on the updated EC-Council CSA V2 syllabus, the course begins with foundational concepts such as SOC architecture, roles, processes, attacker behaviors, and threat landscapes; progresses to attacker TTP analysis using MITRE ATT&CK, IoC identification, threat-intelligence integration, and realistic alert-triage simulations; and concludes with full-scale incident response workflows, documentation requirements, escalation procedures, and AI-assisted detection models used in 2026 SOC environments.
A strategic blend of theory, guided labs, real-world datasets, and case-based scenarios ensures students gain practical SOC readiness and confidently support incident detection and response functions in a live SOC.
- Module 01: Security Operations and Management
- Key topics covered:
- SOC, SOC Capabilities, SOC Operations, SOC Workflow, Components of SOC, SOC Models, SOC Maturity Models, SOC Generations, SOC KPIs and Metrics, SOC Challenges
- Module 02: Understanding Cyber Threats, IoCs, and Attack Methodology
- Key topics covered:
- Cyber Threats, TTPs, Reconnaissance Attacks, Man-in-the-Middle Attacks, Password Attack Techniques, Malware Attacks, Advanced Persistent Threat Lifecycle, Host-Based DoS Attacks, Ransomware Attacks, SQL Injection Attacks, XSS Attacks, Cross-Site Request Forgery (CSRF) Attack, Session Attacks, Social Engineering Attacks, Email Attacks, Insider Attacks, IoCs, Attacker’s Hacking Methodology, MITRE D3FEND Framework, Diamond Model of Intrusion Analysis
- Hands-on labs:
- Perform SQL Injection Attack, Cross-Site Scripting (XSS) Attack, Network Scanning Attack, DoS Attack, and Brute Force Attack to understand their TTPs and IoCs.
- Detect and analyze IoCs using Wireshark.
- Module 03: Log Management
- Key topics covered:
- Incident, Event, Log, Log Sources, Log Format, Local Logging, Windows Event Log, Linux Logs, Mac Logs, Firewall Logs, IP tables, Router Logs, IIS Logs, Apache Logs, Database Logs, Centralized Logging, Log Collection, Log Transmission, Log Storage, AI-Powered Script for Log Storage, Log Normalization, Log Parsing, Log Correlation, Log Analysis, Alerting and Reporting
- Hands-on labs:
- Configure, monitor, and analyze various logs.
- Collect logs from different devices into a centralized location using Splunk.
- Module 04: Incident Detection and Triage
- Key topics covered:
- SIEM, SIEM Architecture and its Components, AI-Enabled SIEM, Types of SIEM Solutions, SIEM Deployment, SIEM Use Cases, SIEM Deployment Architecture, SIEM Use Case Lifecycle, Application-Level Incident Detection SIEM Use Cases, Insider Incident Detection SIEM Use Cases, Examples of Network Level Incident Detection SIEM Use Cases, Examples of Compliance Use Cases, SIEM Rules Generation with AI, Alert Triage, Splunk AI, Elasticsearch AI, Alert Triage with AI, Dashboards in SOC, SOC Reports
- Hands-on labs:
- Develop Splunk use cases to detect and generate alerts for brute-force attempts, ransomware attacks, SQL injection attempts, XSS attempts, Broken Access Control attempts, application crashes using Remote Code Execution, scanning attempts, monitoring insecure ports and services, HTTP flood/denial of service (DoS) attacks, monitoring Windows audit log tampering, and malicious PowerShell script execution.
- Enhance alert triage using Sigma rules translated into Splunk queries.
- Create dashboards in Splunk.
- Create ELK use cases for monitoring trusted binaries connecting to the internet, credential dumping using Mimikatz, and monitoring malware activity in the system.
- Create dashboards in ELK.
- Detect brute-force attack patterns using correlation rules in ManageEngine Log 360.
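The Module 03 topics (log parsing, normalization and correlation) and the Module 04 brute-force use case name the pipeline without showing what a rule actually does. The following is an added example for this page, not course material or any EC-Council or InfosecTrain lab: a small Python script that parses constructed sshd auth.log lines, normalizes them into events, and applies a correlation rule (at least N failed logins from one source IP inside a sliding window, escalated to high severity if a successful login from the same source follows within the window), tagging the alert with MITRE ATT&CK T1110 (Brute Force). The log lines, host name, user names, documentation IPs, threshold and window are all assumptions; the year is assumed to be 2026 because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Linux auth.log (syslog) format; host, users and the
# RFC 5737 documentation IPs are invented for this example, not real data.
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar  3 10:00:03 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51020 ssh2
Mar  3 10:00:05 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 51031 ssh2
Mar  3 10:00:08 web01 sshd[2110]: Failed password for root from 203.0.113.7 port 51044 ssh2
Mar  3 10:00:10 web01 sshd[2112]: Failed password for root from 203.0.113.7 port 51050 ssh2
Mar  3 10:00:14 web01 sshd[2115]: Accepted password for root from 203.0.113.7 port 51063 ssh2
Mar  3 10:05:00 web01 sshd[2200]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar  3 10:20:00 web01 sshd[2300]: Failed password for alice from 198.51.100.9 port 40002 ssh2
Mar  3 10:21:00 web01 sshd[2301]: Accepted password for alice from 198.51.100.9 port 40003 ssh2
"""

ASSUMED_YEAR = 2026  # syslog timestamps carry no year; assumed for the example

# Parser for sshd password-auth records (the "invalid user" prefix is optional).
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_line(line):
    """Normalize one sshd auth line into an event dict; None for any other
    record (other daemons, session open/close lines, malformed input)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {
        "ts": ts,
        "host": m["host"],
        "user": m["user"],
        "src_ip": m["ip"],
        "src_port": int(m["port"]),
        "outcome": "failure" if m["outcome"] == "Failed" else "success",
    }


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Correlation rule: >= threshold failures from one source IP within a
    sliding window raises a medium alert; a success from that source within
    the window after the last failure escalates the same alert to high."""
    recent = defaultdict(deque)  # src_ip -> (ts, user) failures still inside the window
    open_alerts = {}             # src_ip -> alert already raised for that source
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["src_ip"]
        q = recent[ip]
        while q and ev["ts"] - q[0][0] > window:  # evict failures older than the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append((ev["ts"], ev["user"]))
            if ip in open_alerts:                 # keep counting on an open alert
                a = open_alerts[ip]
                a["failures"] += 1
                a["last_seen"] = ev["ts"]
                a["users"] = sorted(set(a["users"]) | {ev["user"]})
            elif len(q) >= threshold:
                alert = {
                    "rule": "ssh_password_brute_force",
                    "technique": "T1110",         # MITRE ATT&CK: Brute Force
                    "severity": "medium",
                    "host": ev["host"],
                    "src_ip": ip,
                    "failures": len(q),
                    "users": sorted({u for _, u in q}),
                    "first_seen": q[0][0],
                    "last_seen": ev["ts"],
                }
                open_alerts[ip] = alert
                alerts.append(alert)
        elif ip in open_alerts and ev["ts"] - open_alerts[ip]["last_seen"] <= window:
            a = open_alerts[ip]                   # success right after the burst
            a["severity"] = "high"
            a["success_user"] = ev["user"]
            a["success_at"] = ev["ts"]
    return alerts


def run_detection(raw_log=SAMPLE_LOG):
    """Parse every line, keep the sshd auth events, run the correlation rule."""
    events = [e for e in map(parse_line, raw_log.splitlines()) if e]
    return detect_brute_force(events)


if __name__ == "__main__":
    for a in run_detection():
        tail = f" then success as {a['success_user']}" if "success_user" in a else ""
        print(f"[{a['severity'].upper()}] {a['rule']} ({a['technique']}) "
              f"src={a['src_ip']} failures={a['failures']} users={a['users']}{tail}")
```

Run it directly to print the single alert the sample produces: 203.0.113.7 trips the rule (five failures in nine seconds, then a successful root login), while the two failures from 198.51.100.9 fifteen minutes apart never reach the threshold. In a SIEM the same logic becomes a scheduled search over the normalized fields (source IP, outcome, user, time); the "alert tuning" the course mentions is choosing the threshold and window for the environment and excluding known scanners or jump hosts so the rule does not page on noise.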
- Module 05: Proactive Threat Detection
- Key topics covered:
- Cyber Threat Intelligence (CTI), Threat Intelligence Lifecycle, Types of Threat Intelligence, Threat Intelligence Strategy, Threat Intelligence Sources, Threat Intelligence Platform (TIP), Threat Intelligence-Driven SOC, Threat Intelligence Use Cases for Enhanced Incident Response, Enhanced Threat Detection with AI, Threat Hunting, Threat Hunting Process, Threat Hunting Frameworks, Threat Hunting with PowerShell Script, PowerShell AI Module, Threat Hunting with AI, Threat Hunting with YARA, Threat Hunting Tools
- Hands-on labs:
- Integrate IoCs into the ELK Stack.
- Integrate OTX threat data into OSSIM.
- Detect incidents in Windows Server using YARA.
- Conduct threat hunting using Windows PowerShell scripts, Hunt Manager in Velociraptor, Log360 UEBA, and Sophos Central.
- Module 06: Incident Response
- Key topics covered:
- Incident Response (IR), IRT, SOC and IRT Collaboration, IR Process, Ticketing System, Incident Triage, Notification, Containment, Eradication, Recovery, Network Security Incident Response, Application Security Incident Response, Email Security Incident Response, Insider Threats and Incident Response, Malware Threats and Incident Response, SOC Playbook, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), SOAR, SOAR Playbook
- Hands-on labs:
- Generate tickets for incidents.
- Contain data loss incidents.
- Eradicate SQL injection and XSS incidents.
- Perform recovery from data loss incidents.
- Create incident reports using OSSIM.
- Perform automated threat detection and response using Wazuh.
- Detect threats using Sophos Central XDR.
- Integrate Sophos Central XDR with Splunk.
- Module 07: Forensic Investigation and Malware Analysis
- Key topics covered:
- Forensics Investigation, Forensics Investigation Methodology, Forensics Investigation Process, Forensics Investigation of Network Security Incidents, Forensics Investigation of Application Security Incidents, Forensics Investigation of Email Security Incidents, Forensics Investigation of Insider Incidents, Malware Analysis, Types of Malware Analysis, Malware Analysis Tools, Static Malware Analysis, Dynamic Malware Analysis
- Hands-on labs:
- Perform forensic investigation of application security incidents: SQL Injection Attacks.
- Perform forensic investigation of a compromised system incident using Velociraptor.
- Analyze RAM for suspicious activities using Redline.
- Perform static analysis on a suspicious file using PeStudio.
- Examine a suspicious file using VirusTotal.
- Perform dynamic malware analysis in Windows using Process Hacker.
- Module 08: SOC for Cloud Environments
- Key topics covered:
- Cloud SOC, Azure SOC Architecture, Microsoft Sentinel, AWS SOC Architecture, AWS Security Hub, Centralized Logging with OpenSearch, Google Cloud Platform (GCP) Security Operation Center, Security Command Center, Chronicle
- Hands-on labs:
- Implement Microsoft Sentinel in Azure.
This course is ideal for:
- Tier I and Tier II SOC Analysts (entry- to intermediate-level)
- Cybersecurity Analysts, Network Security Engineers/Administrators, Network Defense Analysts, Network & Security Technicians/Operators/Specialists
- Entry-level cybersecurity professionals seeking to build core SOC skills
- IT/Network/System Administrators or Engineers wanting to transition into SOC/security monitoring roles
- Anyone aiming to become a SOC Analyst, aspiring professionals, career switchers, or freshers with interest in SOC operations
- There are no formal prerequisites mandated by EC-Council to take CSA V2; it is open to beginners and entry-level candidates.
| Exam Detail | Value |
|---|---|
| Exam Code | 312-39 |
| Exam Duration | 180 Minutes |
| Number of Questions | 100 |
| Exam Format | Multiple-choice Questions |
| Passing Score | 70% |
| Exam Language | English |
This course aims to:
- Build a strong foundation in SOC operations, security monitoring, log management, SIEM workflows, and threat detection concepts.
- Develop hands-on SOC skills including log correlation, alert triage, IoC analysis, threat intelligence integration, and MITRE ATT&CK mapping.
- Train participants to detect, investigate, escalate, and document security incidents in alignment with modern SOC L1-L2 practices.
- Prepare learners to confidently clear the EC-Council Certified SOC Analyst (CSA V2) certification exam and step into SOC Analyst roles.
Benefits of Certified SOC Analyst (CSA) Training
Master the SOC Monitoring Lifecycle
Gain hands-on experience in SIEM (Splunk/ELK/OSSIM)
Learn use-case development, alert tuning & rule creation
Work with real attack datasets & threat actor TTPs
Build AI-aware SOC skills
Words Have Power
I have learned the most about cyber security (SOC Analyst) from this organization. Our trainer, in particular, has given me the greatest advice and knowledge. Best Regards to the entire InfosecTrain team.
Impressed with the trainer’s details in explanation and his knowledge. He kept the class engaging, and I never felt bored or at a slow pace. He also gave enough time to complete the tasks and check back on the doubts. Thanks for this training.
The trainer has great knowledge about the topic, and he knows what he is teaching us. Kudos to him. Thank you so much InfosecTrain.
It was a great experience, got the opportunity to explore many new things and was able to sort out doubts logically.
It’s a very good and informative session. It is great to have an instructor who keeps inspiring you throughout the course.
Frequently Asked Questions
What is the Certified SOC Analyst (CSA) V2 certification?
The Certified SOC Analyst (CSA) V2 is EC-Council’s updated, globally recognized certification designed to validate foundational skills in Security Operations Center (SOC) monitoring, log analysis, threat detection, and incident response. It prepares candidates for real-world SOC Analyst (L1–L2) roles using modern tools, frameworks, and attack scenarios.
What updates are included in the CSA V2 course?
CSA V2 includes major enhancements such as:
- Updated modules aligned with modern SOC operations
- Hands-on labs for SIEM, threat intelligence, and alert triage
- AI-enabled SOC concepts and automated detection workflows
- Threat hunting and YARA-based detection
- Cloud SOC fundamentals (Azure, AWS, GCP)
- Expanded labs with Splunk, ELK, OSSIM, Wazuh, Sophos XDR, Velociraptor, and more
- Real-world attack simulations (SQLi, XSS, brute force, ransomware, etc.)
Who can join the SOC Analyst V2 training?
The training is ideal for:
- Tier I and Tier II SOC Analysts (entry- to intermediate-level)
- Cybersecurity Analysts, Network Security Engineers/Administrators, Network Defense Analysts, Network & Security Technicians/Operators/Specialists
- Entry-level cybersecurity professionals seeking to build core SOC skills
- IT/Network/System Administrators or Engineers wanting to transition into SOC/security monitoring roles
- Anyone aiming to become a SOC Analyst, aspiring professionals, career switchers, or freshers with interest in SOC operations
Is the CSA V2 online training suitable for beginners?
Yes. CSA V2 is beginner-friendly.
What skills are covered in the SOC Analyst V2 course?
Learners gain skills in:
- SOC monitoring & security operations
- Log management & event correlation
- SIEM operations (rule creation, dashboards, alert triage)
- Threat intelligence & IoC analysis
- Incident response workflows
- Threat hunting methodologies
- MITRE ATT&CK mapping
- AI-driven detection and automated playbooks
- Cloud SOC environments (Azure, AWS, GCP)
Does the CSA V2 training include hands-on labs?
Yes. CSA V2 includes extensive hands-on labs.
What SIEM tools are taught in the CSA V2 certification?
Learners work with:
- Splunk
- ELK Stack (Elasticsearch, Logstash, Kibana)
- OSSIM/AlienVault
- ManageEngine Log360
- Microsoft Sentinel
- Wazuh SIEM/XDR
- Other detection platforms for log analysis and correlation
How is the CSA V2 certification exam structured?
The CSA V2 certification exam is a 100-question, multiple-choice (MCQ) assessment delivered through the EC-Council exam portal or an authorized exam center. It is a 180-minute exam (Exam Code: 312-39) and requires a minimum passing score of 70%, although EC-Council’s scaling policies may adjust this slightly.
Are there any prerequisites for the SOC Analyst V2 course?
There are no prerequisites for this course.
Is the CSA V2 certification globally recognized?
Yes. CSA V2 is a globally recognized certification.
What job roles can I get after the SOC Analyst V2 course?
Common roles include:
- SOC Analyst (L1/L2) — $100,537
- Cybersecurity Analyst — $110,109
- Incident Response Analyst — $115,343
- Threat Monitoring Analyst — $104,000
- Security Operations Technician — $90,000
- SIEM Analyst — $95,000
Does the SOC Analyst V2 online course include real-world scenarios?
Yes. Learners investigate:
- SQL injection attacks
- XSS attacks
- Brute force attacks
- Ransomware indicators
- Credential dumping
- Insider behavior anomalies
- Cloud-based incidents
- Malware analysis findings
Will I receive a certificate after completing the CSA V2 training?
Yes, you will get a completion certificate.
Does the CSA V2 online training prepare you for SOC interviews?
Yes, InfosecTrain provides SOC interview preparation sessions for participants.
Can the SOC Analyst V2 course help me enter blue team roles?
Yes, the SOC Analyst V2 course is one of the strongest starting points for entering blue team roles.