Advanced professional courses

Cyber and Information Security

SOC Analyst Advanced

Course number 71578

Why study at John Bryce?
  • Innovative, dynamic learning with advanced tools, combining simulations, hands-on practice and lab environments
  • A wide range of technology training programs, with content adapted to technological developments and to demand in the high-tech industry
  • Leading the training field for the high-tech and technology world for 30 years, with a community of tens of thousands of graduates
  • You choose how to learn: in person in the classroom, remotely in a Live Class, or by self-paced learning

Upcoming dates

Group course

The course opens in a group format only, tailored to organizations.
For further details: Muzman@johnbryce.co.il

Course duration

Academic hours: 40

Number of sessions (morning course): 5

Course format

Courses commissioned by organizations are fully customized to the organization's needs; the curricula are flexible, and relevant, purpose-specific content can be incorporated.

Overview

Today, a Security Operations Center (SOC) should have everything it needs to mount a competent defense of a constantly changing IT enterprise: a wide array of detection and prevention technologies, cyber intelligence reporting, and access to a rapidly expanding workforce of skilled IT professionals. This SOC Operations course is designed to help organizations implement a SOC and provides guidance on the skills and procedures needed to operate it. The training covers all aspects of a SOC team's work in defending the enterprise against its adversaries.

The course helps prepare for the CISM (ISACA), GSEC and GMON (GIAC/SANS) certification exams.

Objectives

  • Give participants a solid understanding of the SOC environment, its roles and functions
  • Give participants practical experience working inside a SOC as Tier-1 analysts and incident responders
  • Understand the work of forensic investigators in a SOC
  • Practice the acquired knowledge in real time in the simulation environment

Who Should Attend

The course targets participants with foundation knowledge in computer networking who wish to operate a SOC at the analyst and incident responder levels, or who serve as corporate security analysts:
  • Incident responders
  • System/network administrators
  • IT security personnel

Curriculum


Module 1: Intrusion Detection

In this module, participants study network packets at a deeper level, learn to identify network anomalies, and interpret system alerts. Students master well-known command-line (CLI) and graphical (GUI) tools to specialize further in the field, and learn methodologies for approaching incident investigations.

  • Basic Intrusion Detection Tools and Methods
    • Sysmon
    • Advanced Wireshark
    • Uncovering User-Accounts
    • OS Fingerprinting
    • GeoIP Integration
    • Streams Analysis
    • Incident Investigation
    • Hashing Tables
    • Analyzing Cyber-Events
    • Web-Filtering
    • Network Events
    • TShark: Wireshark CLI Tool
  • Using Scapy Module
    • Crafting and Analysing Packets
    • Working with PCAP Files
    • Replaying Packets for Investigating
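The PCAP and anomaly-detection topics above (working with PCAP files, identifying network anomalies) can be illustrated with a short script. The following is an added example written for this page, not course material or a Cyberium exercise: it parses a classic little-endian PCAP with only the Python standard library (no Scapy or TShark needed, so it runs offline), extracts the TCP 4-tuple and flags from each frame, and flags any source that sent bare SYNs to many distinct ports, the signature of a vertical port scan. The PCAP bytes are constructed inline; the host addresses (10.0.0.5, 10.0.0.7, 192.168.1.10) and the five-port threshold are assumptions for the demonstration.

```python
"""Parse a PCAP with the standard library and flag SYN-scan sources.

Added example for the packet-analysis module; not course material. The PCAP
bytes are constructed inline so the script runs offline. Host addresses and
the port threshold are assumptions made for the demonstration.
"""
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (no options, no payload, zero checksums)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap raw frames in a pcap global header plus one 16-byte record header each."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def parse_pcap(data):
    """Yield (src_ip, dst_ip, dport, tcp_flags) for every TCP packet in a pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap (pcapng is not handled)")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, offset)
        pkt = data[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(pkt) < 34 or struct.unpack_from("!H", pkt, 12)[0] != ETHERTYPE_IPV4:
            continue
        ihl = (pkt[14] & 0x0F) * 4           # IPv4 header length in bytes
        if pkt[23] != IPPROTO_TCP or len(pkt) < 14 + ihl + 20:
            continue
        src = socket.inet_ntoa(pkt[26:30])
        dst = socket.inet_ntoa(pkt[30:34])
        tcp = 14 + ihl
        _sport, dport = struct.unpack_from("!HH", pkt, tcp)
        yield src, dst, dport, pkt[tcp + 13]  # flags byte of the TCP header


def detect_syn_scan(packets, min_ports=5):
    """Map each source that sent bare SYNs to at least min_ports distinct ports -> sorted ports."""
    syn_ports = defaultdict(set)
    for src, _dst, dport, flags in packets:
        if flags & (TCP_SYN | TCP_ACK) == TCP_SYN:   # SYN set, ACK clear: a new connection attempt
            syn_ports[src].add(dport)
    return {src: sorted(ports) for src, ports in syn_ports.items() if len(ports) >= min_ports}


def sample_pcap():
    """Constructed traffic: one host probing eight ports, one host starting a normal handshake."""
    scanner = [build_tcp_frame("10.0.0.5", "192.168.1.10", 40000 + i, port, TCP_SYN)
               for i, port in enumerate((21, 22, 23, 25, 80, 443, 445, 3389))]
    normal = [build_tcp_frame("10.0.0.7", "192.168.1.10", 51000, 443, TCP_SYN),
              build_tcp_frame("192.168.1.10", "10.0.0.7", 443, 51000, TCP_SYN | TCP_ACK),
              build_tcp_frame("10.0.0.7", "192.168.1.10", 51000, 443, TCP_ACK)]
    return build_pcap(scanner + normal)


def main():
    findings = detect_syn_scan(parse_pcap(sample_pcap()))
    for src, ports in findings.items():
        print(f"possible SYN scan from {src}: {len(ports)} ports {ports}")
    return findings


if __name__ == "__main__":
    main()
```

Only 10.0.0.5 is reported; 10.0.0.7 touched a single port and the server's SYN/ACK is excluded by the flag mask. To run the same logic on a real capture, replace `sample_pcap()` with the bytes of a file saved by Wireshark in classic pcap format (pcapng, big-endian and nanosecond variants are rejected by the magic check), or feed the detector the equivalent fields from `tshark -T fields -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags`.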

Module 2: Using the SIEM

This module drills down into the SIEM (Security Information and Event Management) system, the primary system SOC analysts use to monitor the network. Participants install a freely available open-source SIEM platform and simulate different scenarios in a pre-built virtual environment that mimics an organization, including a firewall, a WAF, a domain controller, and an antivirus. In this part, students must demonstrate the practical capabilities they acquired during the course and operate in a real-time environment.

Module 3: Windows Management Instrumentation (WMI)

This module explains and expands on the use of Windows Management Instrumentation. Students learn how the core management process works and use WMI to manage both local and remote computers on the LAN, consolidating the acquired knowledge into tool-building skills with PowerShell scripts and regular WMI usage.

Module 4: SOC and IR

This module teaches students to manage an enterprise security incident while avoiding common errors, increasing both the effectiveness and the efficiency of the incident response effort.


Prerequisites
  • Linux
  • SOC-Intermediate (Course 71577)

Simulator - Cyberium Arena

Courses at John Bryce Training let you gain experience with unique simulators and hands-on practice labs covering a variety of scenarios. Students put what they have learned into practice so that they retain the skills and information given throughout the course, upgrading their knowledge and expertise.

The simulator used in the hands-on labs is the Cyberium system, an advanced cyber scenario simulator developed by cyber experts who have been continuously involved in cyber training and in closing knowledge gaps in the field. The simulator includes two main types of scenarios: educational and realistic.

Each educational scenario focuses on a different aspect of the course and simulates a specific training topic. Each topic taught in the course has a focused exercise that lets the student concentrate on it and learn it in depth.

The realistic scenarios simulate possible or past information security incidents, covering everything from the regulation of cyber systems to attacks by terrorist hacker organizations. These scenarios are broader than the educational exercises and require a more systemic, strategic and comprehensive view.

After each scenario, the system automatically generates detailed reports that serve as immediate feedback, allowing the student and lecturer to measure the participant's abilities, strengths and weaknesses.
