CERTIFIED SOC ANALYST (CSA) Certification Training in Delhi

Certified Security Analyst Certification will help you to start your journey towards joining a security operations centre (SOC). SOC Analyst Certification aims at offering proficiency in performing entry-level and intermediate-level operations and is therefore helpful for both existing and aspiring Tier I and Tier II SOC analysts.

Enroll now for this course! We are offering access to Cyber Security Fundamentals (19hrs on-demand video) & Microsoft AZ-900 (6hrs on-demand video) Self-Paced Online Programs for ABSOLUTELY FREE

Course Highlights

  • 24 Hours of Instructor-led Training
  • Learn from Certified SOC, DFIR & Threat Intelligence Specialists
  • Real-time SIEM Labs using tools like Splunk, ELK, and QRadar
  • Hands-on Log Analysis, Alert Triage & Threat Detection Exercises
  • MITRE ATT&CK, Cyber Kill Chain & Use Case Mapping
  • SOC Reporting, Ticketing & Investigation Documentation
  • Interview Preparation for SOC Analyst Jobs (L1–L2)
  • Post-training Doubt Clearing & Mentorship Support
  • Access to Recorded Sessions

Choose your Preferred Learning Mode

ON DEMAND TRAINING

Learn on Your Own Time
1-to-1 learning
Customized Solutions

ONLINE TRAINING

Flexibility, Convenience & Time Saving
More Effective
Learning Cost Savings

Classes starting from

5th Sep: Weekend

15th Sep: Weekday

CORPORATE TRAINING

Anytime, Anywhere – Across The Globe
Hire A Trainer
At Your Own Pace
Customized Corporate Training

Course Description

The Certified SOC Analyst (CSA V2) Training from InfosecTrain is structured to help newcomers and early-career security professionals build the exact skills demanded by modern SOC teams. Based on the updated EC-Council CSA V2 syllabus, the course begins with foundational concepts such as SOC architecture, roles, processes, attacker behaviors, and threat landscapes, then moves on to attacker TTP analysis using MITRE ATT&CK, IoC identification, threat-intelligence integration, and real alert triage simulations. It concludes with full-scale incident response workflows, documentation requirements, escalation procedures, and AI-assisted detection models used in 2026 SOC environments.

A strategic blend of theory, guided labs, real-world datasets, and case-based scenarios ensures students gain practical SOC readiness and confidently support incident detection and response functions in a live SOC.

Target Audience

This course is ideal for:

  • Tier I and Tier II SOC Analysts (entry- to intermediate-level)
  • Cybersecurity Analysts, Network Security Engineers/Administrators, Network Defense Analysts, Network & Security Technicians/Operators/Specialists
  • Entry-level cybersecurity professionals seeking to build core SOC skills
  • IT/Network/System Administrators or Engineers wanting to transition into SOC/security monitoring roles
  • Anyone aiming to become a SOC Analyst, aspiring professionals, career switchers, or freshers with interest in SOC operations

Pre-Requisite

  • There are no formal prerequisites mandated by EC-Council to take CSA V2; it is open to beginners/entry-level candidates.

Exam Information

  • Exam Code: 312-39
  • Exam Duration: 180 Minutes
  • Number of Questions: 100
  • Exam Format: Multiple-choice Questions
  • Passing Score: 70%
  • Exam Language: English

Course Objectives

This course aims to:

  • Build a strong foundation in SOC operations, security monitoring, log management, SIEM workflows, and threat detection concepts.
  • Develop hands-on SOC skills including log correlation, alert triage, IoC analysis, threat intelligence integration, and MITRE ATT&CK mapping.
  • Train participants to detect, investigate, escalate, and document security incidents in alignment with modern SOC L1-L2 practices.
  • Prepare learners to confidently clear the EC-Council Certified SOC Analyst (CSA V2) certification exam and step into SOC Analyst roles.

Course Content

  • Module 01: Security Operations and Management
    • Key topics covered:
      • SOC, SOC Capabilities, SOC Operations, SOC Workflow, Components of SOC, SOC Models, SOC Maturity Models, SOC Generations, SOC KPIs and Metrics, SOC Challenges
  • Module 02: Understanding Cyber Threats, IoCs, and Attack Methodology
    • Key topics covered:
      • Cyber Threats, TTPs, Reconnaissance Attacks, Man-in-the-Middle Attacks, Password Attack
        Techniques, Malware Attacks, Advanced Persistent Threat Lifecycle, Host-Based DoS Attacks,
        Ransomware Attacks, SQL Injection Attacks, XSS Attacks, Cross-Site Request Forgery (CSRF)
        Attack, Session Attacks, Social Engineering Attacks, Email Attacks, Insider Attacks, IoCs,
        Attacker’s Hacking Methodology, MITRE D3FEND Framework, Diamond Model of Intrusion Analysis
  • Hands-on labs:
    • Perform SQL Injection Attack, Cross-Site Scripting (XSS) Attack, Network Scanning Attack, DoS Attack,
      and Brute Force Attack to understand their TTPs and IoCs.
    • Detect and analyze IoCs using Wireshark.
  • Module 03: Log Management
    • Key topics covered:
      • Incident, Event, Log, Log Sources, Log Format, Local Logging, Windows Event Log, Linux Logs, Mac
        Logs, Firewall Logs, IP tables, Router Logs, IIS Logs, Apache Logs, Database Logs, Centralized
        Logging, Log Collection, Log Transmission, Log Storage, AI-Powered Script for Log Storage, Log
        Normalization, Log Parsing, Log Correlation, Log Analysis, Alerting and Reporting
  • Hands-on labs:
    • Configure, monitor, and analyze various logs.
    • Collect logs from different devices into a centralized location using Splunk.
  • Module 04: Incident Detection and Triage
    • Key topics covered:
      • SIEM, SIEM Architecture and its Components, AI-Enabled SIEM, Types of SIEM Solutions, SIEM Deployment, SIEM Use Cases, SIEM Deployment Architecture, SIEM Use Case Lifecycle, Application-Level Incident Detection SIEM Use Cases, Insider Incident Detection SIEM Use Cases, Examples of Network Level Incident Detection SIEM Use Cases, Examples of Compliance Use Cases, SIEM Rules Generation with AI, Alert Triage, Splunk AI, Elasticsearch AI, Alert Triage with AI, Dashboards in SOC, SOC Reports
  • Hands-on labs:
    • Develop Splunk use cases to detect and generate alerts for brute-force attempts, ransomware attacks, SQL injection attempts, XSS attempts, Broken Access Control attempts, application crashes using Remote Code Execution, scanning attempts, monitoring insecure ports and services, HTTP flood/denial of service (DoS) attacks, monitoring Windows audit log tampering, and malicious PowerShell script execution.
    • Enhance alert triage using the SIGMA rules for Splunk queries.
    • Create dashboards in Splunk.
    • Create ELK use cases for monitoring trusted binaries connecting to the internet, credential dumping using Mimikatz, and monitoring malware activity in the system.
    • Create dashboards in ELK.
    • Detect brute-force attack patterns using correlation rules in ManageEngine Log360.
  • Module 05: Proactive Threat Detection
    • Key topics covered:
      • Cyber Threat Intelligence (CTI), Threat Intelligence Lifecycle, Types of Threat Intelligence, Threat Intelligence Strategy, Threat Intelligence Sources, Threat Intelligence Platform (TIP), Threat Intelligence-Driven SOC, Threat Intelligence Use Cases for Enhanced Incident Response, Enhanced Threat Detection with AI, Threat Hunting, Threat Hunting Process, Threat Hunting Frameworks, Threat Hunting with PowerShell Script, PowerShell AI Module, Threat Hunting with AI, Threat Hunting with YARA, Threat Hunting Tools
  • Hands-on labs:
    • Integrate IoCs into the ELK Stack.
    • Integrate OTX threat data into OSSIM.
    • Detect incidents in Windows Server using YARA.
    • Conduct threat hunting using Windows PowerShell scripts, Hunt Manager in Velociraptor, Log360 UEBA, and Sophos Central.
  • Module 06: Incident Response
    • Key topics covered:
      • Incident Response (IR), IRT, SOC and IRT Collaboration, IR Process, Ticketing System, Incident Triage, Notification, Containment, Eradication, Recovery, Network Security Incident Response, Application Security Incident Response, Email Security Incident Response, Insider Threats and Incident Response, Malware Threats and Incident Response, SOC Playbook, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), SOAR, SOAR Playbook
  • Hands-on labs:
    • Generate tickets for incidents.
    • Contain data loss incidents.
    • Eradicate SQL injection and XSS incidents.
    • Perform recovery from data loss incidents.
    • Create incident reports using OSSIM.
    • Perform automated threat detection and response using Wazuh.
    • Detect threats using Sophos Central XDR.
    • Integrate Sophos Central XDR with Splunk.
  • Module 07: Forensic Investigation and Malware Analysis
    • Key topics covered:
      • Forensics Investigation, Forensics Investigation Methodology, Forensics Investigation Process, Forensics Investigation of Network Security Incidents, Forensics Investigation of Application Security Incidents, Forensics Investigation of Email Security Incidents, Forensics Investigation of Insider Incidents, Malware Analysis, Types of Malware Analysis, Malware Analysis Tools, Static Malware Analysis, Dynamic Malware Analysis
  • Hands-on labs:
    • Perform forensic investigation of application security incidents: SQL Injection Attacks.
    • Perform forensic investigation of a compromised system incident using Velociraptor.
    • Analyze RAM for suspicious activities using Redline.
    • Perform static analysis on a suspicious file using PeStudio.
    • Examine a suspicious file using VirusTotal.
    • Perform dynamic malware analysis in Windows using Process Hacker.
  • Module 08: SOC for Cloud Environments
    • Key topics covered:
      • Cloud SOC, Azure SOC Architecture, Microsoft Sentinel, AWS SOC Architecture, AWS Security Hub, Centralized Logging with OpenSearch, Google Cloud Platform (GCP) Security Operation Center, Security Command Center, Chronicle
  • Hands-on labs:
    • Implement Microsoft Sentinel in Azure.

Why InfosecTrain

Guaranteed* to run Courses

4 hrs/day in Weekday/Weekend

Customized Training

Technical Support Post Training

Access to the recorded session

Accredited Instructors

FAQs

1. What is the role of a SOC analyst?
A SOC analyst is a cybersecurity professional responsible for detecting and managing security incidents in an organization’s security infrastructure.
2. What are the prerequisites for CSA Training?
For CSA training, one year of work experience in the Network Admin/Security domain is compulsory. If the candidate attends official training, this experience is not needed.
3. For how long will the CSA certification be valid?
CSA certification is valid for three years from the date of passing the certification exam.
4. How many attempts are allowed for the examination if I do not pass on the first attempt?

If a candidate does not successfully pass an EC-Council exam in the first attempt:

  • First retake: No waiting period is required to attempt the exam for the second time (1st retake).
  • Second retake: A waiting period of 14 days is required prior to attempting the exam for the third time.
  • Third retake: A waiting period of 14 days is required prior to attempting the exam for the fourth time.
  • Fourth retake: A waiting period of 14 days is required prior to attempting the exam for the fifth time.
5. Can I review my answers during the examination?
Yes, you can review your answers before submitting the test and can mark questions to be reviewed later.
6. How can I get a physical copy of my certificate?
To get a physical copy of your certification, you can request here: https://cert.eccouncil.org/physical-certificate-printing.html
7. What is the duration of CSA exams?
Duration: 3 hours
Number of questions: 100
Format: Multiple-choice.
8. Which jobs can I apply for with CSA certification?
You can apply for many job roles with CSA certification, such as cybersecurity analyst, technical support engineer, SOC analyst, and security consultant.
9. Can I request a refund if I fail the test?
No, you cannot request a refund if you fail the test.
10. What are the tools used in SOC?
There are many tools that you will learn in this CSA training, like Nmap, Wireshark, FTK Imager, NetworkMiner, Autopsy, Splunk, and so on.
11. What should a SOC monitor?
A SOC should be able to monitor network traffic, security events, vulnerabilities, and data breach incidents.