SOC LEVEL 1
Security Analyst Intro

Triage Specialist

Last updated 2 years ago

SOC responsibilities:

  • SIEM (Security Information & Event Management)

  • Reporting

  • Ticketing

  • Log Collection

  • Knowledge Base

  • Research & Development

  • Aggregation & Correlation

  • Threat Intelligence

Preparation & Prevention

  • Stay informed of current cyber threats

  • Detect & hunt threats

  • Create security

  • Gather intelligence data on the latest threats & associated TTPs

  • Maintain firewall signatures

  • Patch vulnerabilities

  • Block and safe-list apps, email addresses, IPs

Monitoring and Investigation

  • Use SIEM & EDR tools to monitor network activities

  • Prioritize alerts based on low, medium, high, & critical levels

  • Understand how, when, & why certain attacks work to mitigate threats

  • Coordinate and take action to isolate the threat

Day in the Life of a Security Analyst

What was the malicious IP address in the alerts?

To whom did you escalate the event associated with the malicious IP address?

Blocking the malicious IP address on the firewall:

roadmap
Demo
Malicious IP
SOC Team Lead
IP Block