Security Analyst Intro

Triage Specialist

SOC responsibilities:

• SIEM (Security information & event management)

• Reporting

• Ticketing

• Log Collection

• Knowledge Base

• Research & Development

• Aggregation & Correlation

• Threat Intelligence

Preparation & Prevention

• Stay informed of current cyber threats

• Detect & hunt threats

• Create security roadmap

• Gather intelligence data on latest threats & associated TTP's

• Maintain firewall signatures

• Patch vulnerabilities

• Block and safe-list apps, email addresses, IPs

Monitoring and Investigation

• Use SIEM & EDR tools to monitor network activities

• Prioritize alerts based on low, medium, high, & critical levels

• Understand how, when, & why certain attacks work to mitigate threats

• Coordinate and take action to isolate threat

Day in the Life of a Security Analyst

Demo

What was the malicious IP address in the alerts?

Malicious IP

To whom did you escalate the event associated with the malicious IP address?

SOC Team Lead

Blocking the malicious IP address on the firewall:

IP Block