HTB Certified Defensive Security Analyst

Intermediate Practical SOC/DFIR case exam + report Pass: Report/objective quality based; exact threshold n… $210

CDSA validates practical blue-team skills across SOC triage, threat hunting, and incident response reporting. 2026 prep should prioritize query fluency, investigation timelines, and decision justification.

Official Page

IssuerHackTheBox

FormatPractical SOC/DFIR case exam + report

DurationUp to 7 days (indicative)

Pass ScoreReport/objective quality based; exact threshold n…

Overview Syllabus (5) Tools (7) Cheat Sheets (2) Labs (3)

Full Syllabus

SOC Triage & Log Analysis 25%

Alert validation, timeline construction, and noise reduction.

Threat Hunting & Detection Engineering 20%

Hypothesis-driven hunts, query logic, and rule tuning.

Incident Response Workflow 20%

Containment, eradication, evidence handling and stakeholder updates.

DFIR Artifact Analysis 20%

Host/network artifacts, persistence traces, and attacker activity reconstruction.

Reporting & Post-Incident Improvement 15%

Actionable incident reports, root-cause and control-improvement roadmap.