The document outlines a beginner-level training program for Security Operation Center (SOC) Analysts, covering essential technical knowledge and key concepts across five modules. Topics include blue team operations, network security monitoring, endpoint security, continuous monitoring with SIEM, and asset management. The course is virtual, requires basic IT knowledge, and runs for five weeks starting June 17, 2023, with flexible registration fees.

Security Operation: Beginner Edition

Abstract
Nowadays, organizations are building Security Operation Centers so that the cybersecurity incidents they encounter can be monitored and investigated in real time. This course discusses the technical knowledge and key concepts that a SOC Analyst needs. The course is organized into the following five modules, and it is intended that those who master these modules will be able to work as a Junior SOC Analyst.

Module 1: Blue Team Tools and Operations


This section starts with an introduction to the blue team and the mission of a Security
Operations Center (SOC). The session then explains the key technologies used in a SOC, including
incident management systems, threat intelligence platforms, SIEMs, and EDR tools.

High-level overview of the Security Operation Center
Endpoint Detection and Response
Security Incident Management Platform
Threat Intelligence Platform
SIEM

Module 2: Network Security Monitoring


This part of the training program focuses on understanding the network environment as
the basis for effective defense. It covers network traffic flow, segmentation, and
monitoring. Participants learn about common network services such as DNS, HTTP(S), SMTP,
and others, with an emphasis on recognizing anomalies and the tactics attackers use against
these services.

Defensible Network Architecture
Understanding DNS and Analysis
Understanding HTTP and HTTPS, and Analysis
Understanding Email Protocols and Analysis
Other Network Protocols

Module 3: Endpoint Security Monitoring


In this module, the training focuses on host-level logging and analysis. It covers attack
tactics targeting endpoints and provides a thorough understanding of how logs are generated.
Participants learn the common log formats and develop the ability to quickly assess how
likely an event is to be malicious. The module aims to give a complete view of the analysis
process, from log generation to identifying potential threats.

Endpoint Attack TTPs
Endpoint Defense
Windows Logging
Linux Logging
Understanding Important Events

Module 4: Continuous Monitoring with SIEM


In this section of the training, logging and analysis are emphasized as crucial components of
cyber network defense. The focus is on both reactive and proactive detection of adversarial
activities. Participants are introduced to free logging and analysis tools and are brought up to
speed on SIEM (Security Information and Event Management) concepts and best practices.
The training covers Elasticsearch, Logstash, and Kibana, and includes hands-on labs to
familiarize students with ingesting, manipulating, analyzing, and reporting on log data. The
goal is to equip participants with the necessary skills to effectively leverage these tools for
logging and analysis in cybersecurity operations.

SIEM Architecture
Log Collection, Parsing, and Normalization
Network Analysis with SIEM
Endpoint Analysis with SIEM
Detection engineering

Module 5: Baselining
In this section, the training focuses on automating asset management and distinguishing
between authorized and unauthorized assets. It covers the key log sources that provide
accurate data, and techniques for correlating and integrating multiple data sources to build
an asset inventory. Participants also gain hands-on experience in applying network and
system baselining techniques to better understand their own environment. The end of the
course covers how to respond when an incident occurs.

Identify Authorized and Unauthorized Assets
Baseline Network Data
Monitor Authentication Based on Patterns
Endpoint Baseline Monitoring
Incident Response

Type
Virtual

Prerequisites
1. Laptop or PC
   4 CPU cores
   8GB of RAM
   30GB of HDD
   Docker Desktop or Docker pre-installed
   VMware or VirtualBox
2. Stable Internet Connection
3. Basic IT knowledge of systems (Linux, Windows) and networking (TCP/IP)

Course Schedule
10AM to 12PM MMT
Every Weekend
5 Weeks

Registration
5 June 2023

Start date
17 June 2023

Instructor
Saw Winn Naung

Course Fees
Pay As You Can
Minimum 50,000 Kyats
Maximum 500,000 Kyats
