Lab Setup
Kali Linux Setup
Installing Wireshark
Windows lab setup
Kali Linux Overview
Kali Linux Introduction
Directories in Unix
User Management
Services in Kali Linux
Servers in Kali Linux
Working with Metasploit
Important Security Tools
cal command
cat command
cd command
cmp and diff commands
cp command
date command
egrep command
file permissions
find command
find files by name
find files by type and permissions
grep command
ls command
mkdir command
modes command
mv command
paste command
pwd command
rm command
sort command
touch command
tr command
uname command
uniq command
users and last commands
w command
wc command
whereis command
whoami command
who command
who is logged in
Module 1 - Security Operations and Management Overview
CSA - Detection Capabilities
CSA - Need for a SOC
CSA - Security Operations & Management
CSA - Security Operations
CSA - SOC & NOC
CSA - SOC Models
CSA - SOC Workflow
CSA - Threat Identification, Reaction & Report
CSA - SOC Components
Module 2 - Common Security Threats
Bypassing firewall rules using HTTP/FTP tunneling
Exploiting CSRF attacks
Detecting ARP attacks
Disk encryption using VeraCrypt
DoS attack using the hping3 tool
Cracking FTP credentials using dictionary attacks
Calculating hashes using HashCalc
Detecting intrusions using the Snort IDS
LFI & RFI attacks
Working with MD5 hashes in HashCalc
Vulnerability assessment with Nessus
Bypassing firewalls using Nmap
RCE - Remote Code Execution exploitation
Dumping & cracking SAM hashes to extract plaintext passwords
Spoofing MAC addresses
Exploiting SQL injection attacks - practical approach
Startup program monitoring tool
Exploiting MSSQL using a webshell to extract databases (exfiltration)
Wireless packet analysis using Wireshark
Windows Registry entry monitoring for suspicious activity
Exploiting parameter tampering and XSS vulnerabilities
Module 3 - Understanding Cyber Threats, IoCs, and Attack Methodology
Introduction to Threats
Intent, Motive and Goal
Understanding Tactics, Techniques and Procedures
Understanding Opportunity, Vulnerability and Weakness
Hacking Methodologies
CSA Network attacks - Reconnaissance
CSA Network attacks - Scanning
CSA Network attacks - Exploitation
Understanding IoCs - Indicators of Compromise
IoCs of Malware Threats
Understanding Application-based attacks
Understanding Host-level attacks
Lab 1 - Understanding the Working of SQL Injection Attacks
Lab 2 - Understanding the Working of XSS Attacks
Lab 3 - Understanding the Working of Network Scanning Attacks
Lab 4 - Understanding the Working of Brute Force Attacks
Lab 5 - Detecting and Analyzing IoCs using Wireshark
Module 4 - Security Operations Center
Understanding logs, events and incidents
Typical Log Sources
Need for Logging
Logging requirements
Typical log formats
Local logging - 1
Local logging - 2
Local logging - 3
Local logging - 4
Local logging - 5
Centralized logging - 1
Centralized logging - 2
Lab 1 - Configuring, Monitoring, and Analyzing Windows Logs
Lab 2 - Configuring, Monitoring, and Analyzing IIS Logs
Lab 3 - Configuring, Monitoring, and Analyzing Snort IDS Logs
Module 5 - Incident Detection with Security Information and Event Management (SIEM)
Objectives of this module
Need for SIEM tools
Typical SIEM capabilities
SIEM architecture and components
SIEM Solutions overview
SIEM deployment - 1
SIEM deployment - 2
Understanding incident detection with SIEM
Use case examples for insider incident detection
Use case examples for network level incident detection - 1
Use case examples for network level incident detection - 2
Use case examples for host level incident detection
Handling Alert Triage and Analysis
Lab 1 - Host Level Incident Detection: Creating a Splunk Use Case for Detecting Brute Force Attacks
Lab 2 - Application Level Incident Detection: Creating a Splunk Use Case for Detecting SQL Injection
Lab 2 - Application Level Incident Detection: Creating a Splunk Use Case for Detecting XSS Attacks
Lab 3 - Network Level Incident Detection: Creating a Splunk Use Case for Detecting Network Scanning Attempts
Lab 4 - Host Level Incident Detection: Creating an ELK Use Case for Monitoring Trusted Binaries Connecting to the Internet
Lab 5 - Host Level Incident Detection: Creating an ELK Use Case
Module 6 - Enhanced Incident Detection with Threat Intelligence
Introduction to Cyber Threat Intelligence (CTI)
Types of Threat Intelligence - 1
Types of Threat Intelligence - 2
Threat Intelligence-driven SOC
Benefits of Threat Intelligence to the SOC Analyst
Threat Intelligence Use Cases for SOC Analysts
Integration of Threat Intelligence into SIEM
Threat Intelligence Use Cases for Enhanced Incident Response
Enhancing Incident Response by Establishing SOPs for Threat Intelligence
Lab 1 - Enhanced Incident Detection with Threat Intelligence
Lab 2 - Integrating OTX Threat Data into OSSIM
Module 7 - Incident Response
Incident response overview
SOC and IRT Collaboration
Incident Response (IR) Process Overview - 1
Incident Response (IR) Process Overview - 2
Incident Response (IR) Process Overview - 3
Incident Response (IR) Process Overview - 4
Incident Response (IR) Process Overview - 5
Responding to Network Security Incidents
Responding to Application Security Incidents
Responding to Email Security Incidents
Responding to Insider Incidents
Lab 1 - Generating Tickets for Incidents
Lab 2 - Eradicating SQL Injection and XSS Incidents
Lab 3 - Recovering from Data Loss Incidents
Lab 4 - Creating Incident Reports using OSSIM
Responding to Malware Incidents
Module 8 - Qualys Cloud Agent
AGENT APPLICATION SUPPORT
AGENT AS DATA COLLECTORS
AGENT DEPLOYMENT OPTIONS
AGENT PLATFORM COMMUNICATION
AGENT PROVISIONING AND REPROVISIONING
CLONE DETECTION
CLOUD AGENT BENEFITS
CLOUD AGENT LAB 1 - Cloud agent deployment
CLOUD AGENT LAB 2 - Agent installation components
CLOUD AGENT LAB 3 (1) PRACTICAL FINAL
CLOUD AGENT LAB 3 (2) PRACTICAL FINAL
CLOUD AGENT LAB 3 (3) PRACTICAL FINAL
CLOUD AGENT LAB 3 (4) PRACTICAL FINAL
CLOUD AGENT LAB 4 PRACTICAL FINAL
CLOUD AGENT LAB 5 PRACTICAL FINAL
CLOUD AGENT LAB 6 PRACTICAL FINAL
CLOUD AGENT LAB 7 PRACTICAL FINAL
CLOUD AGENT LAB 8 PRACTICAL FINAL
LARGE CLOUD AGENT DEPLOYMENT
LIFECYCLE AND CONFIGURATION
OVERVIEW & OS SUPPORT
PRE INSTALLATION CHECKS
PROXY CONFIGURATION
SCAN DELAY AND SCAN RANDOMIZATION
Qualys VMDR - Vulnerability Management
VM INTRO VIDEO
VM ACCOUNT SETUP
Lab 1 - ACCOUNT and APPLICATION SETUP
QUALYS KNOWLEDGE BASE
KNOWLEDGE BASE SEARCHLISTS
Lab 2 - KNOWLEDGE BASE
ASSET AND ASSET INVENTORY
ASSET GROUPS
ASSET TAGGING
Lab 3 - Working with Searchlists
Lab 4 - Working with ASSET SEARCH
USING ASSET TAGS
Lab 5 - Working with ASSET TAGS
USING ASSET GROUPS
Lab 6 - Working with AUTHENTICATION RECORDS
USER MANAGEMENT
Lab 7 - Working with CREATING USER ACCOUNT
Lab 8 - Working with ASSIGN VULNERABILITIES TO USER
VM LIFE CYCLE AND SENSORS
VULNERABILITY ASSESSMENTS
VULNERABILITY SCANNING
Lab 9 - Working with VULNERABILITY ASSESSMENT
Lab 10 - Working with IGNORE VULNERABILITIES
SCAN BY HOSTNAME
SCAN CONFIGURATION
SCHEDULING ASSESSMENT SCANS
Lab 11 - Working with SCHEDULE SCAN
Lab 12 - Working with LAUNCH SCAN
Lab 13 - Working with ORGANISE AND MANAGE ASSETS
VIEW SCAN RESULTS
REMEDIATION
Lab 14 - Working with REMEDIATION REPORT
REPORT OVERVIEW
Lab 15 - Working with REPORTING
REPORT TEMPLATES
Lab 16 - Working with SCHEDULED REPORTS
Lab 17 - Working with CUSTOM REPORT TEMPLATE
Preview - CSA v1 - Certified SOC Analyst with Splunk Enterprise and Qualys Guard