SOC-200

Offensive Security Defensive Analyst (OSDA)

About the Certification

This is a professional certification from Offensive Security specialized in Defensive Security Analysis, focusing on enabling candidates to understand attacks from a defensive perspective within Security Operations Center (SOC) environments.
The certification aims to prepare candidates to analyze attacks, detect malicious behavior, investigate security incidents, and read and analyze logs and alerts generated by various security systems.
It covers Threat Detection, Incident Response, and Log Analysis, making it suitable for SOC Analysts and Blue Team professionals who want to work professionally in enterprise environments and defend infrastructure against advanced attacks.

Main Curriculum

The curriculum is divided into seven main sections

  • Defensive Security Fundamentals and SOC Operations
    • Defensive Security concepts
    • SOC Analyst role and responsibilities
    • SOC workflows and the incident lifecycle
    • Blue Team vs. Red Team perspective
  • Log Analysis and Detection Engineering
    • Log sources (Endpoints / Network / Applications)
    • Manual log analysis
    • Detection logic and use cases
    • Distinguishing between false positives and true positives
  • Incident Detection, Triage, and Response
    • Identifying security incidents
    • Alert triage and prioritization
    • Containment and initial response
    • Escalation and cross-team collaboration
  • Malware Analysis and Adversary Behavior
    • Malware analysis (high-level behavioral analysis)
    • Adversary tactics and techniques
    • Mapping attacks to the MITRE ATT&CK framework
    • Understanding attack patterns and attacker behaviors
  • Reporting, Communication, and Performance Metrics
    • Security incident documentation
    • Writing professional defensive and SOC reports
    • Communication with stakeholders
    • SOC performance metrics and continuous improvement
  • Threat Landscape and Attack Detection
    • Types of cyber threats
    • Attack stages
    • MITRE ATT&CK framework
    • Indicators of Compr
  • Threat Hunting Fundamentals
    • Threat hunting concepts
    • Hypothesis-driven hunting
    • IOC- and behavior-based hunting
    • Proactive defense techniques

Exam Details

  • Exam code: SOC-200 (OSDA)
  • Exam duration: 4 hours
  • Exam type: 100% practical
  • Number of questions: Multiple-choice questions + analytical scenarios + analysis of security files and events
  • Language: English
  • Passing score: 70%
  • Exam fee: USD 800 – 1,500 (may vary by country and may include taxes)
  • Certification validity: 3 years

Do I need certifications before it ?

No, not at all.

However, it is recommended to have a good understanding of information security fundamentals, attack analysis, and SOC and defensive security concepts, following Offensive Security methodologies.

Which certifications are recommended after this one ?

Not mandatory. However, for those seeking a strong career path in defensive security and security analysis
especially in attack detection, log analysis, and building defensive capabilities based on adversary techniques
the Offensive Security Defensive Analyst (OSDA) certification represents a strong foundation.

What are the main uses of the Offensive Security Defensive Analyst (OSDA) certification ?

  • Advanced Blue Team / SOC Level 2 & 3 – Deepening skills in advanced analysis, incident triage, and incident leadership.
  • Threat Hunting (eCTHP / Advanced Hunting) – Moving from reactive monitoring to proactive threat hunting.
  • Detection Engineering (SIEM / SOAR / Use Cases) – Building effective detection use cases and automating security response.
  • Incident Response & DFIR – Specializing in incident response and digital forensics.
  • Cloud Security Monitoring (AWS / Azure / GCP) – Extending defensive skills into cloud and hybrid environments.
  • Purple Teaming – Bridging offense and defense to improve detection capabilities based on adversary techniques.

Practical Professionalism in Defensive Analysis :

This certification serves as a strong entry point into the SOC domain, focusing on hands-on attack analysis, threat detection, and incident response.
Earning it qualifies you to work as a defensive security analyst and significantly enhances your career opportunities in cybersecurity, backed by Offensive Security recognition.

Who is this certification suitable for ?

  • Beginners or junior professionals in SOC and Blue Team roles.
  • SOC Analysts or Security Analysts seeking a strong practical foundation.
  • Individuals interested in hands-on hacking to understand attacks from the inside.
  • Those aiming to understand attacker techniques from a defensive perspective and convert them into detection and response mechanisms.
  • Students or cybersecurity professionals looking to start a solid defensive security career path.

In Short :

An excellent hands-on certification for building a strong foundation in defensive cybersecurity and attack analysis, offered by Offensive Security.

Get Certified Today

Register Now And Get Your Certificate