Rating: ★★★⯪☆ (3.5 of 5 stars)
I recently gave it a try and successfully conducted my OSDA exam. 🎉
I would rate the overall experience of the certification with 3.5 / 5 stars - also considering the price. The rating has several reasons:
- The theory part focuses heavily on PowerShell and parsing of Event Logs with PowerShell. This gave me the impression that this would be a crucial part of the exam as well - which was not the case. The Event Logs in Windows are an important source, but not the only one. Additionally, parsing the Event Logs with PowerShell is sometimes cumbersome, but other tools for achieving the same goal weren't mentioned at all. Nothing was mentioned about triage and analysis of artifacts with specialized tools. This gave me the impression that the course is quite unilateral.
- The SIEM for the course is ELK. And for the exam solely the ELK SIEM is relevant. But in the theory part just the last 2 chapters deal with the ELK SIEM. The previous chapters focus on PowerShell. The theory content felt a bit unrelated to the practical part (labs and exam).
- I somehow missed the part of having a closer look at the artifacts. The visibility with ELK is limited and in some cases it seems more like guessing. Actually pulling the artifacts for analysis wasn't part of the course and was also not possible with the ELK SIEM.
Overall, I think the course is valuable for getting into the SOC area and what to look for during basic attacks. I would anyhow just partially recommend the course due to its price and the little value it provides for more seasoned Cybersecurity people.