Certified SOC Analyst (CSA)

The EC-Council Certified SOC Analyst (CSA) certification is purpose-built for Tier 1 and Tier 2 SOC analysts who monitor, detect, analyse, and respond to security incidents. CSA equips professionals with SIEM operations, log analysis, threat intelligence integration, and incident escalation skills. It is the essential starting credential for anyone pursuing a Security Operations Center career.

Request Training Email Inquiry

What is the Certified SOC Analyst (CSA)?

Who Should Take This Course?

Entry-level and mid-level SOC Analysts (Tier 1 and Tier 2)
Network and Security Administrators moving into SOC roles
IT professionals transitioning into cybersecurity operations
Threat Intelligence Analysts and SIEM operators
Incident Responders and Security Monitoring professionals
Fresh graduates targeting cybersecurity careers
Anyone seeking a structured foundation in SOC operations

What You Will Learn in the CSA Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Security Operations and SOC Fundamentals

Understand the structure, processes, and goals of a modern SOC.

SOC roles, responsibilities, and tier structure
SOC workflows: alert triage, escalation, and response
Security monitoring tools and dashboards
SOC metrics, KPIs, and reporting

Log Management and Analysis

Collect, parse, and analyse logs from diverse sources.

Log collection from Windows, Linux, firewalls, and IDS
Log normalisation and correlation techniques
Identifying anomalies and indicators of compromise (IOCs)
Log storage, retention, and compliance requirements

SIEM Operations and Use Cases

Operate and configure SIEM platforms for detection and response.

SIEM platforms: Splunk, IBM QRadar, Microsoft Sentinel
Creating SIEM use cases and correlation rules
Alert tuning to reduce false positives
Dashboard creation and incident workflows in SIEM

Threat Intelligence and Incident Triage

Integrate threat intelligence to prioritise and contextualise alerts.

Threat intelligence types: strategic, tactical, operational
IOC feeds and threat intelligence platforms (TIPs)
MITRE ATT&CK framework for threat mapping
Alert triage: severity classification and escalation decisions

Incident Detection and Response

Detect security incidents and execute initial response procedures.

Incident detection using network and endpoint telemetry
Incident response lifecycle: preparation to recovery
Containment procedures for common attack types
Documenting incidents and creating incident reports

Network Traffic Analysis and Monitoring

Monitor and analyse network traffic for malicious activity.

Network packet analysis with Wireshark and tcpdump
NetFlow and traffic baseline monitoring
Detecting lateral movement and C2 communication
IDS/IPS rule tuning and alert management

Course Prerequisites

Pre-requisites training is free when you purchase the course from ProSupport

Basic understanding of networking concepts (TCP/IP, DNS, HTTP)
Familiarity with Windows and Linux operating systems
Fundamental knowledge of information security concepts
Understanding of firewalls, IDS/IPS, and network devices
No prior SOC experience required — entry-level certification

Exam Information

Everything you need to know about the CSA certification exam.

Exam Component	Details
Exam Name	Certified SOC Analyst
Exam Code	312-39
Exam Type	Multiple Choice
Total Questions	100
Passing Score	70%
Exam Duration	180 minutes
Language	English
Exam Provider	EC-Council / Pearson VUE
Exam Focus	SOC operations, SIEM management, log analysis, threat intelligence, incident detection and response
Exam Registration	EC-Council Exam Center (eccouncil.org/programs/certified-soc-analyst-csa/)
Retake Policy	EC-Council retake policies apply; additional exam fee required
Certification Validity	3 years (120 ECE credits for renewal)