The Endolum Certified Cyber Defense Analyst (ECDA) certification demonstrates a candidate's ability to conduct incident response analysis using SIEM tools. Candidates must understand how SIEMs work, analyze logs from Windows and Linux systems, and trace the entire attack chain of a threat actor, including initial access, persistence mechanisms, privilege escalation, and data exfiltration.
Price | Field | Prerequisites |
---|---|---|
289 CHF | Cyber Defense | 3 Modules |
The candidate will work within an on-demand SIEM instance to perform an incident response. They must analyze security-relevant Windows and Linux logs to uncover how a threat actor gained initial access, what actions they performed, how they escalated privileges, which persistence mechanisms they used, and what data was exfiltrated. Understanding the full attack chain is essential. No VPN or remote desktop software is required; the vulnerable websites are directly accessible from a modern browser.
The exam is conducted in an on-demand instance where candidates will have access to compromised systems and forensic images. They are required to analyze the provided data, uncover evidence of malicious activities, trace the threat actor's actions, and report on data exfiltration incidents. A stable internet connection is required. No VPN or remote desktop software is required; the vulnerable websites are directly accessible from a modern browser.