
The eCIR summary explains detection, investigation, and certification guidance for incident responders.

The Exam

The eCIR certification validates the hands-on KSAs SOC operators need to detect, contain, and document incidents.

About the Certification Exam

Working inside a realistic breach simulation, you use SOC tooling to detect threats, investigate findings, and record evidence before handing off to reviewers.

  • Analyze PCAPs
  • Correlate multi-source logs
  • Evaluate persistence methods
  • Attribute APT activity

Domains + Objectives

The eCIR exam assesses practical skills across five critical domains:

Endpoint & Network Analysis (35%)
Threat Detection & SIEM Operations (20%)
Digital Forensics & Evidence-Based Analysis (20%)
Reporting & Communication (15%)
Threat Intelligence & Attribution (10%)

Endpoint & Network Analysis (35%)

  • Assess endpoint telemetry
  • Perform traffic analysis

Threat Detection & SIEM Operations (20%)

  • Operate SIEM tooling
  • Detect adversary activity

Digital Forensics & Evidence-Based Analysis (20%)

  • Execute forensic workflows
  • Preserve and package evidence

Reporting & Communication (15%)

  • Document findings clearly
  • Explain risk and impact

Threat Intelligence & Attribution (10%)

  • Apply threat intelligence
  • Attribute activity to adversaries

Who It's For

Intermediate incident detection, analysis, and response professionals who need hands-on validation of their SOC readiness.

Anyone can attempt the certification exam; however, it is designed for:

  • Aspiring Incident Responders
  • SOC Analysts (Tier 1 & Tier 2)
  • IT Security Personnel
  • Red Teamers and Penetration Testers

Get eCIR Certified

Pair a subscription with the eCIR voucher so you can align training and the exam attempt in one flow.

50% off Voucher

Premium Subscription

Unlock the IR Learning Path while enjoying a subscriber voucher discount.

eCIR Voucher Included

eCIR + Prep Bundle

Three months of the incident response labs and instruction bundled with the voucher.


Already a subscriber? The eCIR voucher purchase is available through the Premium portal.

The Process

Follow this workflow to move from voucher purchase to earning the eCIR.


To earn the eCIR Certification, follow these steps:

1. Purchase a certification exam voucher
   Secure the eCIR voucher through the checkout.

2. Start preparing
   Move through incident response labs while the voucher remains valid (180 days).

3. Take your exam
   Execute the simulated breach response before time expires.

4. Receive your results
   Official scores arrive quickly so you can celebrate or adjust next steps.

The credential is valid for three years; refresh it through flexible renewal options when you are ready.