CERTIFIED SECURITY OPERATIONS & THREAT DETECTION ANALYST (CSSA)

Duration: 6 Months
Level: Beginner to Professional

Certification:
Delivered by TMG University | International Certification by Partner University
Capstone Included
Career Support Included

MODULE 1: Cybersecurity Foundations and SOC Operations

1.1 Introduction to Cybersecurity

  • Evolution of Cybersecurity
  • Cybersecurity Domains
  • Current Threat Landscape
  • Cybercrime Economy
  • Security Governance

Practical Labs

  • Identifying attack surfaces
  • Security architecture review

1.2 Security Operations Centre (SOC)

Understanding SOC

  • Purpose of SOC
  • SOC Architecture
  • SOC Workflow
  • Security Monitoring Lifecycle

SOC Team Structure

  • L1 Analyst
  • L2 Analyst
  • L3 Analyst
  • Incident Responder
  • Threat Hunter
  • SOC Manager

SOC Metrics

  • MTTD
  • MTTR
  • False Positives
  • Detection Accuracy

1.3 SIEM Fundamentals

SIEM Architecture

  • Log Collection
  • Event Correlation
  • Alerting
  • Dashboards
  • Reporting

SIEM Comparison

  • Splunk
  • QRadar
  • Microsoft Sentinel
  • Elastic SIEM
  • LogRhythm

2.1 Networking Fundamentals

Network Types

  • LAN
  • WAN
  • MAN
  • VPN

Network Devices

  • Routers
  • Switches
  • Firewalls
  • IDS/IPS
  • Load Balancers

2.2 TCP/IP Deep Dive

OSI Model

  • Layer 1 to Layer 7

TCP/IP Model

  • Encapsulation
  • Packet Analysis

Protocol Analysis

  • HTTP
  • HTTPS
  • FTP
  • SSH
  • SMTP
  • DNS
  • SNMP
  • LDAP
  • SMB
  • Kerberos

2.3 Wireshark Analysis

Packet Inspection

  • Traffic Capture
  • TCP Handshake
  • DNS Queries
  • HTTP Requests

Threat Detection

  • Malware Communication
  • Beaconing
  • Data Exfiltration

Labs
  • Analyze PCAP Files
  • Detect Malicious Traffic

3.1 Windows Internals

  • Registry
  • Services
  • Processes
  • Scheduled Tasks
  • Event Logs

3.2 Active Directory Security

AD Components

  • Domain Controllers
  • Organizational Units
  • Group Policy

Authentication

  • NTLM
  • Kerberos

Common AD Attacks

  • Pass-the-Hash
  • Kerberoasting
  • Golden Ticket
  • Silver Ticket

Detection Techniques

Using Splunk and Sysmon

3.3 Linux Architecture

  • File System
  • Permissions
  • Processes
  • Cron Jobs

Log Analysis
  • Syslog
  • Auth Logs
  • Secure Logs

Linux Threat Hunting

  • Suspicious Users
  • Persistence Mechanisms
  • SSH Abuse

Cyber Kill Chain

MITRE ATT&CK Framework

Tactics

  • Initial Access
  • Execution
  • Persistence
  • Privilege Escalation
  • Defense Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Exfiltration

Mapping Real Attacks to ATT&CK

Malware Analysis Fundamentals

Malware Types

  • Trojans
  • Worms
  • Rootkits
  • Ransomware
  • Spyware

Malware Behaviour Analysis

Sandbox Analysis

  • Any.Run
  • Hybrid Analysis

Installation and Architecture

Components

  • Forwarders
  • Indexers
  • Search Heads

Data Onboarding

Index Management

Retention Policies

Performance Tuning

Splunk Security Best Practices

  • RBAC
  • Data Protection
  • User Management

Beginner SPL

  • Search
  • Stats
  • Table
  • Sort
  • Dedup

Intermediate SPL

  • Eval
  • Rex
  • Lookup
  • Timechart
  • Transaction

Advanced SPL

  • Subsearches
  • Joins
  • Macros
  • Event Correlation
  • Optimization

50+ SPL Labs

Windows Event Logs

Critical Event IDs

  • 4624
  • 4625
  • 4688
  • 4720
  • 4732
  • 4740

Sysmon

Event IDs

  • Process Creation
  • Network Connections
  • Registry Changes

Firewall Monitoring

DNS Monitoring

Proxy Logs

EDR Logs

Cloud Logs

Detection Logic Development

Creating Use Cases

  • Brute Force Detection
  • Ransomware Detection
  • Lateral Movement Detection

Correlation Rules

Alert Tuning

False Positive Reduction

Detection Validation

Incident Response Lifecycle

  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned

Memory Forensics

Volatility Framework

  • Process Analysis
  • Malware Discovery

Disk Forensics

  • Autopsy
  • FTK Concepts

Evidence Handling

  • Chain of Custody
  • Legal Considerations

Threat Intelligence Fundamentals

Intelligence Lifecycle

IOC Management

Threat Feeds

  • AlienVault OTX
  • MISP
  • VirusTotal

Threat Hunting Using Intelligence

IOC Correlation

Threat Enrichment

Indicator Validation

Threat Hunting Methodology

Hypothesis-Based Hunting

IOC-Based Hunting

Behaviour-Based Hunting

Detecting

  • APT Campaigns
  • Insider Threats
  • Ransomware
  • Living-off-the-Land Attacks

Threat Hunting Labs

Enterprise Dataset Investigation

Multi-Stage Attack Detection

AWS Security Monitoring

  • CloudTrail
  • GuardDuty
  • VPC Logs

Microsoft Azure Monitoring

  • Azure Sentinel
  • Azure Activity Logs

Google Cloud Logging

Cloud Threat Detection

SOAR Fundamentals

Playbooks

Automation Workflows

Case Management

Splunk SOAR

Automated Enrichment

Incident Automation

Threat Containment

Case Study 1

Ransomware Investigation

Case Study 2

APT Intrusion Investigation

Case Study 3

Business Email Compromise

Case Study 4

Insider Threat Investigation
Case Study 5

Data Exfiltration Investigation

Red Team vs Blue Team

Detection Validation

Adversary Emulation

MITRE ATT&CK Simulations

Incident Reports

Executive Reports

Technical Reports

Compliance Reporting

Client Communication

SOC Interview Preparation

500+ Interview Questions

  • Networking
  • Windows
  • Active Directory
  • Splunk
  • Incident Response

Resume Building

LinkedIn Optimization
HR Interview Preparation

Mock Interviews

Students will work as SOC Analysts in a simulated enterprise environment.

Activities

  • Configure Splunk
  • Integrate Log Sources
  • Create Correlation Rules
  • Investigate Security Incidents
  • Perform Threat Hunting
  • Generate Executive Reports

Final Deliverables

  • SOC Deployment
  • Detection Rules
  • Incident Investigation Report
  • Threat Hunting Report
  • Dashboard Development

BONUS MODULES

Security Onion

Wazuh SIEM

Microsoft Sentinel

CrowdStrike EDR

Velociraptor

DFIR Basics

ChatGPT & AI for SOC Analysts

Building AI-Powered Detection Use Cases

SOC Analyst Productivity Automation

Certification Outcome

After completing CSSA, students will be able to:

  • Work as SOC Analyst L1/L2
  • Perform Threat Hunting
  • Conduct Incident Response
  • Build SIEM Detection Rules
  • Analyze Malware Behaviour
  • Monitor Cloud Infrastructure
  • Use Splunk Enterprise Professionally
  • Prepare for Splunk Certified SOC Analyst
  • Prepare for Security+, CySA+, and Blue Team certifications
  • Handle real-world enterprise SOC operations

TMG University is a modern learning initiative built to bridge the gap between aspiring learners and global education opportunities.

USA: 117 South Lexington Street STE 100, Harrisonville, MO 64701

© 2026 TMG Uni. All Rights Reserved. Designed & Developed by TMG University Team.