The CSA Certified SOC Analyst teaches you how to manage a Security Operations Centre (SOC) and detect, analyse and respond to security incidents. The training covers all three SOC analysis levels: triage (level 1), in-depth analysis (level 2) and threat hunting (level 3). CSA includes extensive labs in a simulated SOC environment and prepares for the EC-Council Certified SOC Analyst certification (exam code 312-39v2). Ideal starting point for a career in a Security Operations Centre.

E-learning via the official EC-Council iClass platform

The CSA at OEM is an official EC-Council iLearn e-learning: completely self-paced, at your own speed, 365 days access. You learn through professionally recorded video lectures by EC-Council Certified Instructors, combined with extensive hands-on labs in a simulated SOC environment. Start immediately after activation.

OEM offers the lowest price for official EC-Council e-learning in the Netherlands. Found the same training cheaper elsewhere? We'll match that price.

Who is this e-learning for?

Suitable for (aspiring) SOC analysts (level 1, 2 and 3), network administrators, cybersecurity professionals and anyone who wants to work in or set up a SOC. Basic knowledge of networking and information security is recommended.

What will you learn in the CSA e-learning?

• Understand and implement SOC processes, roles and responsibilities
• Detect and analyse security incidents via SIEM platforms
• Perform network and host-based log analysis for threat detection
• Identify and correlate Indicators of Compromise (IoCs)
• Perform incident triage and apply escalation procedures
• Recognise attack patterns with MITRE ATT&CK
• Conduct threat hunting based on behavioural analysis
• Implement SOC automation with SOAR
• Produce incident response reports
• Measure SOC metrics: MTTD, MTTR and detection rate

CSA course content

• SOC architecture and operations: roles, processes and technologies
• Implementing security monitoring with SIEM
• Analysing network logs: firewall, IDS/IPS, proxy and DNS logs
• Analysing endpoint logs: Windows Event Logs and Sysmon
• Alert triage: distinguishing true positives from false positives
• Recognising attack patterns with MITRE ATT&CK
• Detecting network attacks: port scans, brute force and data exfiltration
• Detecting web application attacks: SQL injection, XSS and beaconing
• Analysing malware behaviour via behavioural analysis and sandbox
• Executing incident response procedures: containment, eradication and recovery
• Implementing SOAR automation

Exam and certification

The CSA exam (312-39v2) consists of 100 multiple choice questions and lasts 3 hours. The exam is taken via the EC-Council ECC Exam Centre (online). The certification is valid for 3 years.

What is included?

• Official EC-Council CSA e-course materials
• Hands-on labs in a simulated SOC environment
• Exam voucher for the CSA exam (312-39v2)
• 365 days access to the iClass learning platform
• Online mentor for technical questions for 90 or 365 days after activation
• Certificate of participation

SLIM subsidy

As a Dutch SME, you may be eligible for the SLIM subsidy for ICT training. The Dutch government reimburses 60% of your training costs, up to a maximum of €24,999. Period 2 opens 10 August 2026.

Related training courses

• CTIA: Certified Threat Intelligence Analyst - logical next step after CSA
• ECIH v2: Certified Incident Handler
• CND v3: Certified Network Defender - recommended preparation

Request a quote via our quote form or contact us via our contact page. Or ask Sanne, our AI assistant - available 24/7 via the blue icon at the bottom right of the page.