عراب ال IT 
امتحانات دوليه
(312-49 / CSA)
Certified SOC AnalystAbout the Certification
This certification, issued by EC-Council, is one of the most important Blue Team / SOC certifications for the beginner to intermediate level. It focuses on security monitoring, event analysis, and attack detection within Security Operations Centers (SOC). The certification validates the candidate’s ability to understand SOC architecture and analyst roles (Tier 1 and Tier 2), work with SIEM systems and log analysis, identify Indicators of Compromise (IoCs), analyze common attacks targeting networks and systems, perform initial incident response actions, and produce professional security reports. It is considered the core entry-level certification for starting a professional SOC Analyst career with a solid foundation.
Main Curriculum
The curriculum is divided into six main sections
- Threat Landscape & Attack Detection
-
- Types of cyber threats
- Cyber Kill Chain
- MITRE ATT&CK framework
- Indicators of Compromise
- SOC Reporting, Documentation, and Performance Metric
-
- Incident documentation
- SOC reporting
- Key Performance Indicators (KPIs) and metrics
- Continuous improvement
- Incident Detection & Initial Response
-
- Incident identification
- Alert validation
- Initial containment procedures
- Escalation procedures
- Threat Intelligence & SOC Use Cases
-
- Threat intelligence feeds
- Indicator of Compromise (IoC) enrichment
- SOC use case development
- Proactive monitoring
- Log Management & SIEM Operations
-
- Log sources and log collection
- SIEM architecture
- Correlation rules
- Alert triage and prioritization
- SOC Fundamentals & Security Operations
-
- Security Operations Center concept
- Roles and responsibilities of SOC Analysts
- SOC processes and workflows
- SOC maturity levels (Tier1 / Tier 2)
Exam Details :
- Exam code: 312-49 / CSA
- Exam duration: 120 minutes
- Number of questions: 100 questions
- Question types: Multiple choice + Scenario-based
- Passing score: 70%
- Exam fee: USD 250–299 (may vary by country and may include taxes)
- Certification validity: 3 years
- Language: English
Do I need certifications before it ?
No, not at all.
However, basic knowledge of networking, operating systems, and fundamental security concepts is recommended. Holding certifications such as NDE, DFE, CCT, or Security+ is considered a strong advantage but is not mandatory.
Which certifications are recommended after this one ?
Not mandatory.
However, for those seeking a strong career path in SOC operations—especially in event monitoring, threat analysis, and incident response—the Certified SOC Analyst (CSA) certification represents one of the strongest starting points.
What are the main uses of the Certified SOC Analyst (CSA) certification ?
- CySA+ – Deepen expertise in threat analysis, SIEM operations, and incident response
- Advanced Blue Team / SOC Level 2 & 3 – Progress to advanced analysis, triage, and incident leadership
- Incident Response & DFIR – Specialize in incident handling and digital forensics
- Incident Response & DFIR – Specialize in incident handling and digital forensics
- Detection Engineering (SIEM / SOAR / Use Cases) – Build effective detection rules and automate security response
- Cloud SOC & Cloud Security Monitoring – Handle threats and incidents in cloud environments
Launching a Career as a SOC Analyst :
The CSA certification provides essential security analysis skills and prepares you to confidently work with SIEM platforms, logs, indicators, threats, and security incidents. It is a strong step for anyone looking to start a professional career in SOC, Blue Team, or Incident Response.
Who is this certification suitable for ?
- SOC Analyst Beginner / Tier 1.
- IT / System / Network Technicians looking to enter Cybersecurity
- Cybersecurity students
- Blue Team أو Incident Response Beginner.
- Anyone planning to start a career focused on Monitoring and Threat Detection