ECDA

The Endolum Certified Cyber Defense Analyst (ECDA) certification demonstrates a candidate's ability to conduct incident response analysis using SIEM tools. Candidates must understand how SIEMs work, analyze logs from Windows and Linux systems, and trace the entire attack chain of a threat actor, including initial access, persistence mechanisms, privilege escalation, and data exfiltration.

Price Field Prerequisites
390 CHF Cyber Defense 3 Modules

Target Audience

  • Red Teamers
  • Pen Testers
  • Security Analysts
  • Threat Hunters
  • Detection Engineers

Requirements

  • Incident Response at Scale
  • Windows Event Logs
  • Threat Actors' Threat Patterns

The Exam

The candidate will work within an on-demand SIEM instance to perform an incident response. They must analyze security-relevant Windows and Linux logs to uncover how a threat actor gained initial access, what actions they performed, how they escalated privileges, persistence mechanisms used, and what data was exfiltrated. Understanding the full attack chain is essential.

Learning Outcomes

  • Conduct comprehensive incident response in a SIEM environment.
  • Analyze and interpret Windows and Linux logs to identify security incidents.
  • Trace the attack chain of threat actors, including techniques and tactics used.
  • Identify persistence mechanisms and privilege escalation methods.

Preparation Materials

  • Incident Response at Scale
  • Windows Event Logs
  • Threat Actors' Threat Patterns