CDSA
HackTheBox

HTB Certified Defensive Security Analyst

Intermediate Practical SOC/DFIR case exam + report Pass: Report/objective quality based; exact threshold n… $210

CDSA validates practical blue-team skills across SOC triage, threat hunting, and incident response reporting. 2026 prep should prioritize query fluency, investigation timelines, and decision justification.

Official Page
IssuerHackTheBox
FormatPractical SOC/DFIR case exam + report
DurationUp to 7 days (indicative)
Pass ScoreReport/objective quality based; exact threshold n…
Overview Syllabus (5) Tools (7) Cheat Sheets (2) Labs (3)
Prerequisites
Recommended: SOC workflow familiarity, log query fundamentals, Windows event knowledge, and incident lifecycle understanding.
Syllabus Overview

5 exam domains — click "Syllabus" tab for full breakdown

SOC Triage & Log Analysis 25%
Threat Hunting & Detection Engineering 20%
Incident Response Workflow 20%
DFIR Artifact Analysis 20%
Reporting & Post-Incident Improvement 15%
More from HackTheBox
CPTS
HTB Certified Penetration Testing Specialist
Advanced
 CBBH
HTB Certified Bug Bounty Hunter
Intermediate
 CWEE
HTB Certified Web Exploitation Expert
Expert