EC-Council - Certified SOC Analyst (CSA)



Only 2 Days



Classroom / Online / Hybrid

Next date

Next date:

31/7/2023 (Monday)


On this accelerated EC-Council Certified SOC Analyst (CSA) course, you'll learn to identify, monitor and analyse cyber-attacks, and use the information to quickly respond to security incidents.

In just 2 days, you'll build the skill-set you need to work effectively within a security operations centre (SOC). You'll also learn about security information and event management (SIEM), deployment and architecture.

At the end of your course, you'll sit Exam 312-39 and return to the office an EC-Council Certified SOC Analyst (CSA).

On this accelerated course, you'll learn how to:

  • Recognise attacker tools, behaviours, tools and procedures
  • Use the Centralised Log Management (CLM) process
  • Make use of constantly changing threat information

If you're an aspiring SOC analyst or already are one at a Tier 1 and Tier 2 level, this course is ideal for you.

This course is also designed for security professionals who handle and manage network security operations, like network and security administrators or engineers, or network security operators.

You’ll train at twice the speed with Firebrand's unique Lecture | Lab | Review methodology. Learn in a distraction-free environment and become an EC-Council Certified SOC Analyst (CSA) in just 2 days.


Seven reasons why you should sit your course with Firebrand Training

  1. Two options of training. Choose between residential classroom-based, or online courses
  2. You'll be certified fast. With us, you’ll be trained in record time
  3. Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
  4. Pass first time or train again for free. This is our guarantee. We’re confident you’ll pass your course first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
  5. You’ll learn more. A day with a traditional training provider generally runs from 9am – 5pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day quality learning time, with your instructor
  6. You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
  7. You’ll be studying with the best. We’ve been named in Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 100,000 professionals
  • * For residential training only. Doesn't apply for online courses
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts


Module 1: Security operations and management

  • Understand the SOC Fundamentals
  • Discuss the components of SOC: People, processes and technology
  • Understand the implementation of SOC

Module 2: Understanding cyber threats, IoCs, and attack methodology

  • 2.1 Describe the term cyber threats and attacks
  • 2.2 Understand the Network Level attacks
  • 2.3 Understand the Host Level attacks
  • 2.4 Understand the Application Level attacks
  • 2.5 Understand the Indicators of Compromise (IoCs)
  • 2.6 Discuss the attacker’s Hacking Methodology

Module 3: Incidents, events and logging

  • 3.1 Understand the fundamentals of incidents, events, and logging
  • 3.2 Explain the concepts of local logging
  • 3.3 Explain the concepts of centralised logging

Module 4: Incident detection with Security Information and Event Management (SIEM)

  • 4.1 Understand the basic concepts of Security Information and Event Management (SIEM)
  • 4.2 Discuss the different SIEM Solutions
  • 4.3 Understand the SIEM Deployment
  • 4.4 Learn different use case examples for Application Level Incident Detection
  • 4.5 Learn different use case examples for Insider Incident Detection
  • 4.6 Learn different use case examples for Network Level Incident Detection
  • 4.7 Learn different use case examples for Host Level Incident Detection
  • 4.8 Learn different use case examples for Compliance
  • 4.9 Understand the concept of handling alert triaging and analysis

Module 5: Enhanced incident detection with threat intelligence

  • 5.1 Learn fundamental concepts on threat intelligence
  • 5.2 Learn different types of threat intelligence
  • 5.3 Understand how threat intelligence strategy is developed
  • 5.4 Learn different threat intelligence sources from which intelligence can be obtained
  • 5.5 Learn different Threat Intelligence Platform (TIP)
  • 5.6 Understand the need of threat intelligence-driven SOC

Module 6: Incident response

  • 6.1 Understand the fundamental concepts of incident response
  • 6.2 Learn various phases in Incident Response Process
  • 6.3 Learn how to respond to Network Security Incidents
  • 6.4 Learn how to respond to Application Security Incidents
  • 6.5 Learn how to respond to Email Security Incidents
  • 6.6 Learn how to respond to Insider Incidents
  • 6.7 Learn how to respond to Malware Incidents

Exam Track

You'll sit the following exam at the Firebrand Training centre, covered by your Certification Guarantee:

  • EC-Council Certified SOC Analyst (CSA) - Exam 312-39
    • Exam format: Multiple-choice
    • Exam duration: 120 minutes
    • Number of questions: 100
    • Passing score: 70%
    • Language: English
    • Domains:
      • 1: Security operations and management (5%)
      • 2: Understanding cyber threats, IoCs, and attack methodology (11%)
      • 3: Incidents, events and logging (21%)
      • 4: Incident detection with Security Information and Event Management (SIEM) (26%)
      • 5: Enhanced incident detection with threat intelligence (8%)
      • 6: Incident response (29%)

What's Included

Your accelerated course includes:

  • Accommodation *
  • Meals, unlimited snacks, beverages, tea and coffee *
  • On-site exams **
  • Exam vouchers **
  • Practice tests **
  • Certification Guarantee ***
  • Courseware
  • Up-to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Digital courseware **
  • * For residential training only. Accommodation is included from the night before the course starts. This doesn't apply for online courses.
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts
  • *** Pass first time or train again free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.


Before attending this accelerated course, you should have 1 year of work experience in network admin or security.

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.


Here's the Firebrand Training review section. Since 2001 we've trained exactly 134,561 students and asked them all to review our Accelerated Learning. Currently, 96.48% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.

"It was an excellent crash course on a wide variety of different topics related to ethical hacking."
TR. (28/11/2022 (Monday) to 2/12/2022 (Friday))

"The training centre was well presented and clean, all the provided equipment worked correctly. The trainer was well versed in his material and the subject in general."
Anonymous. (28/11/2022 (Monday) to 2/12/2022 (Friday))

"Instructor was on top of his job. He really knows his stuff. Acquired a lot of practical and theory knowledge."
Enoch Adjiri, Central securities Depository Gh. Ltd. (28/11/2022 (Monday) to 2/12/2022 (Friday))

"Great instructor, Good course, Good hotel and food. "
Anonymous. (28/11/2022 (Monday) to 2/12/2022 (Friday))

"Great course with very knowledgeable instructor. Completed the course over teams which was useful however, think I'd prefer to attend the site next time."
Anonymous. (10/10/2022 (Monday) to 14/10/2022 (Friday))

Course Dates

EC-Council - Certified SOC Analyst (CSA)




Book now

17/4/2023 (Monday)

18/4/2023 (Tuesday)

Finished - Leave feedback


31/7/2023 (Monday)

1/8/2023 (Tuesday)


Book now

5/10/2023 (Thursday)

6/10/2023 (Friday)


Book now

7/12/2023 (Thursday)

8/12/2023 (Friday)


Book now

Latest Reviews from our students