EC-Council SOC Essentials (SCE)
Module 1: Foundations of Computer Network and Security
– Introduction to Computer Networks
– TCP/IP Model
– OSI Model
– Types of Networks
– Network Models and Topologies
– TCP/IP Protocol Suite
– Network Security Controls and Devices
– Windows and Unix/Linux Security
– Web Application Fundamentals
– Information Security Standards, Laws, and Acts
Module 2: Understanding Cyber Threats
– Overview of Cyber Threats
– Intent, Motive, and Goal of Threat Actors
– Tactics, Techniques, and Procedures (TTPs)
– Vulnerability and Weakness Assessment
– Types of Threats and Attacks
– Examples of Network-based, Application-based, and Host-based Attacks
– Insider Threats
– Malware, Phishing, and Social Engineering
Module 3: Security Operations Center (SOC) Basics
– What is a Security Operations Center (SOC)?
– Importance of SOC
– Roles and Responsibilities of SOC Team
– Key Performance Indicators (KPIs) for SOC
– Metrics for SOC
– SOC Maturity Models
– SOC Workflow, Processes, and Challenges
Module 4: Components and Architecture of SOC
– Key Components of a SOC
– People, Processes, and Technologies in SOC
– SOC Architecture and Infrastructure
– Different Types of SOC and Their Purposes
– Introduction to Security Information and Event Management (SIEM)
– SIEM Architecture and Deployment Models
– Data Sources and Networking in SIEM
– Endpoint Data in SIEM
Module 5: Log Management
– Incident, Event, and Log Definitions
– Typical Log Sources and Formats
– Local and Centralized Log Management
– Logging Best Practices and Tools
Module 6: Incident Detection and Analysis
– SIEM Use Case Development
– Security Monitoring, Correlation Rules, Dashboards, and Reports
– Alerting and Triaging Alerts
– Dealing with False Positive Alerts
– Incident Escalation, Communication Paths, and Ticketing Systems
Module 7: Threat Intelligence and Hunting
– Introduction to Threat Intelligence
– Threat Intelligence Sources, Types, and Lifecycle
– Role of Threat Intelligence in SOC Operations
– Threat Intelligence Feeds, Sharing, Collaboration, and Tools/Platforms
– Introduction to Threat Hunting, Techniques, Methodologies, and Role in SOC Operations
– Leveraging Threat Intelligence for Hunting and Threat Hunting Tools
Module 8: Incident Response and Handling
– Incident Handling Process, Classification, and Prioritization
– Incident Response Lifecycle: Preparation, Identification, Containment, Eradication, Recovery, Post-Incident Analysis, and Reporting