IBM - Certified SOC Analyst

Curriculum

CompTIA CySa+ (Cybersecurity Analyst)

Section 1: Threat Management

• Module 1: Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
• Module 2: Given a scenario, analyse the results of a network reconnaissance
• Module 3: Given a network-based threat, implement or recommend the appropriate response and countermeasure
• Module 4: Explain the purpose of practices used to secure a corporate environment

Section 2: Vulnerability Management

• Module 1: Given a scenario, implement an information security vulnerability management process
• Module 2: Given a scenario, analyse the output resulting from a vulnerability scan
• Module 3: Compare and contrast common vulnerabilities found in the following targets

Section 3: Cyber Incident Response

• Module 1: Given a scenario, distinguish threat data or behaviour to determine the impact of an incident
• Module 2: Given a scenario, prepare a toolkit and use appropriate forensic tools during an investigation
• Module 3: Explain the importance of communication during the incident response process
• Module 4: Given a scenario, analyse common symptoms to select the best course of action to support incident response
• Module 5: Summarise the incident recovery and post-incident response process

Section 4: Security Architecture and Tool Sets

• Module 1: Explain the relationship between frameworks, common policies, controls, and procedures
• Module 2: Given a scenario, use data to recommend remediation of security issues related to identity and access management
• Module 3: Given a scenario, review security architecture and make recommendations to implement compensating controls
• Module 4: Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC)
• Module 5: Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

IBM Security QRadar SIEM V7.3.3 Fundamental Administration

Section 1: Implementing

• Module 1: Plan and design QRadar deployment
• Module 2: Implement and install QRadar
• Module 3: Add Managed Hosts

Section 2: Migrating and upgrading

• Module 1: Plan QRadar upgrade and migration
• Module 2: Review documentation and release notes
• Module 3: Perform QRadar updates, patches and upgrades
• Module 4: Perform migration (e.g., backup and restore, import and export content)

Section 3: Configuring and administering tasks

• Module 1: Configure event flow sources and custom properties
• Module 2: Maintain configuration and data backups
• Module 3: Create and administer users, user roles, and security profiles
• Module 4: Manage the license per allocation
• Module 5: Create, review and modify rules, building blocks and reference sets
• Module 6: Configure and manage retention policies (i.e., data and assets)
• Module 7: Create and manage saved searches, index, global views, dashboards and reports
• Module 8: Deploy and manage applications and content packages
• Module 9: Configure global system notifications
• Module 10: Configure and apply network hierarchy
• Module 11: Configure and manage domain and tenants
• Module 12: Use the asset database
• Module 13: Schedule and run a VA scan

Section 4: Monitoring

• Module 1: Monitor QRadar Notifications and error messages
• Module 2: Review and interpret system monitoring dashboards
• Module 3: Verify QRadar processes and services
• Module 4: Monitor QRadar performance
• Module 5: Use apps and tools for monitoring (e.g., QDI, assistant app, incident overview, DrQ)
• Module 6: Check system maintenance and health of appliances
• Module 7: Monitor offences and detect anomalies

Section 5: Troubleshooting

• Module 1:  Demonstrate knowledge of key commands to interpret QRadar services and processes
• Module 2: Explain error messages and notifications
• Module 3: Interpret the basic logs (e.g., qradar.error, qradar.log)
• Module 4: Use embedded troubleshooting tools and scripts