SOC ANALYST 1
By
Dr. Kundan Saraf
Ph.D. in Cyber Security (Pursuing)
Disclaimer
• This presentation and video are for informational and educational purposes only, for those who are willing and curious to learn about
Ethical Hacking, Security and Penetration Testing. The word “Hacking”, wherever it is used in this presentation or video, shall be regarded as Ethical
Hacking.
• Do not attempt to violate the law with anything contained here. We will not be responsible for any illegal action you take.
• Misuse of the information in this presentation or video can result in criminal charges being brought against the persons in question. We will not
be held responsible in the event that criminal charges are brought against any individual who misuses this information to break the
law.
• You shall not misuse the information to gain unauthorised access. You may try out these techniques on your own computer at your own
risk. Performing hacking attempts (without permission) on computers that you do not own is illegal.
• This presentation or video contains materials that can be potentially damaging or dangerous. If you do not fully understand something in this
content, stop here. Refer to the laws in your province/country before accessing, using, or in any other way utilising these
materials.
• All the information in this presentation and video is meant to develop a defensive (“hacker defence”) attitude among users and to help prevent
attacks. We insist that this information shall not be used to cause any kind of damage, directly or indirectly.
Course Name
Junior Security Analyst
OR
Security Operations Center (SOC)
Analyst 1
Free Training of SOC Level 1 & SOC Level 2
https://www.linkedin.com/posts/mussadiq-khan_cybersecurity-handsontraining-soc-activity-7233535363355406336-G-4X?utm_source=share&utm_medium=member_android
L1 SOC Analyst – Way to Access labs
• Open your browser and enter the URL given below.
• https://tryhackme.com/r/path/outline/soclevel1
Junior Security Analyst Course Introduction
• In the Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time
triaging or monitoring the event logs and alerts.
• The responsibilities of a Junior Security Analyst or Tier 1 SOC Analyst include the following:
– Monitor and investigate alerts (most of the time, it's a 24x7 SOC operations environment)
– Configure and manage security tools
– Develop and implement IDS signatures
– Escalate the security incidents to the Tier 2 and Team Lead if needed
• Section 1 - Cyber Defence Frameworks
– Junior Security Analyst Intro
– Pyramid Of Pain
– Cyber Kill Chain
– Unified Kill Chain
– Diamond Model
– MITRE
– Summit
– Eviction
• Section 2 - Cyber Threat Intelligence
– Intro to Cyber Threat Intel
– Threat Intelligence Tools
– Yara
– OpenCTI
– MISP
– Friday Overtime
– Trooper
Junior Security Analyst Course Introduction
• Section 3 - Network Security and Traffic Analysis
– Traffic Analysis Essentials
– Snort
– Snort Challenge - The Basics
– Snort Challenge - Live Attacks
– NetworkMiner
– Zeek
– Zeek Exercises
– Brim
– Wireshark: The Basics
– Wireshark: Packet Operations
– Wireshark: Traffic Analysis
– TShark: The Basics
– TShark: CLI Wireshark Features
– TShark Challenge I: Teamwork
– TShark Challenge II: Directory
• Section 4 - Endpoint Security Monitoring
– Intro to Endpoint Security
– Core Windows Processes
– Sysinternals
– Windows Event Logs
– Sysmon
– Osquery: The Basics
– Wazuh
– Monday Monitor
– Retracted
• Section 5 - Security Information and Event Management
– Introduction to SIEM
– Investigating with ELK 101
– ItsyBitsy
– Splunk: Basics
– Incident handling with Splunk
– Investigating with Splunk
– Benign
Junior Security Analyst Course Introduction
• Section 6 - Digital Forensics and Incident Response
– DFIR: An Introduction
– Windows Forensics 1
– Windows Forensics 2
– Linux Forensics
– Autopsy
– Redline
– KAPE
– Volatility
– Velociraptor
– TheHive Project
– Intro to Malware Analysis
– Unattended
– Disgruntled
– Critical
– Secret Recipe
• Section 7 - Phishing
– Phishing Analysis Fundamentals
– Phishing Emails in Action
– Phishing Analysis Tools
– Phishing Prevention
– The Greenholt Phish
– Snapped Phish-ing Line
• Section 8 - SOC Level 1 Capstone Challenges
– Tempest
– Boogeyman 1
– Boogeyman 2
– Boogeyman 3
Junior Security Analyst Intro
• In the Junior Security Analyst role, you will be a Triage Specialist.
• You will spend a lot of time triaging or monitoring the event logs and alerts.
Responsibilities of Junior Security Analyst or Tier 1 SOC Analyst
• Monitor and investigate the alerts (most of the time, it's a 24x7 SOC operations environment)
• Configure and manage the security tools
• Develop and implement basic IDS (Intrusion Detection System) signatures
• Participate in SOC working groups, meetings
• Create tickets and escalate the security incidents to the Tier 2 and Team Lead if needed
Required qualifications (most common)
• 0-2 years of experience with Security Operations
• Basic understanding of networking: the OSI (Open Systems Interconnection) model or the TCP/IP (Transmission Control
Protocol/Internet Protocol) model
• Operating Systems (Windows, Linux)
• Scripting/programming skills are a plus
Reference for IDS = https://www.barracuda.com/support/glossary/intrusion-detection-system
Desired certification for Junior Security Analyst
• CompTIA Security+. Building on the SOC Analyst 1 knowledge, an analyst will eventually move up to Tier 2 and Tier 3.
An overview of the Security Operations Center (SOC) Three-Tier Model
What is SOC?
• The core function of a SOC (Security Operations Center) is to investigate, monitor, prevent, and respond to threats in the cyber
realm 24/7, i.e. around the clock.
• Per McAfee's definition of a SOC:
"Security operations teams are charged with monitoring and protecting many assets, such as intellectual property, personnel data,
business systems, and brand integrity. As the implementation component of an organisation's overall cyber security framework,
security operations teams act as the central point of collaboration in coordinated efforts to monitor, assess, and defend against
cyberattacks."
Preparation and Prevention
• The number of people working in the SOC can vary depending on the organisation's size.
• As a Junior Security Analyst, you should stay informed of the current cyber security threats (Twitter and Feedly can
be great resources to keep up with the news related to Cybersecurity).
• It's crucial to detect and hunt threats, work on a security roadmap to protect the organisation, and be ready for the
worst-case scenario.
• Prevention methods include gathering intelligence data on the latest threats, threat actors, and their TTPs (Tactics,
Techniques, and Procedures).
• It also includes the maintenance procedures like updating the firewall signatures, patching the vulnerabilities in the
existing systems, block-listing and safe-listing applications, email addresses, and IPs.
• To better understand TTPs, look into one of CISA's (Cybersecurity & Infrastructure Security Agency) alerts on APT40 (a Chinese
Advanced Persistent Threat group).
• Refer to the following link for more information: https://us-cert.cisa.gov/ncas/alerts/aa21-200a
Alert Severity vs Service Level Agreement (SLA)
Alert Severity    SLA (maximum time to respond)
Low               24 hours
Medium            12 hours
High              1 hour
Critical          15 minutes
SLA Breach Impact
1. An alert left beyond its SLA can turn into a successful compromise of the website or server.
2. A breach violates the agreed SLA policy; in the example used in this course, the company pays a penalty of 4 lakh rupees for each SLA breach.
3. An analyst who breaches the SLA more than three times may be terminated by the company.
4. Every SLA breach leaves the company at a very high risk of a successful cyber-attack.
TTPs Within Cyber Threat Intelligence
• Tactics, techniques and procedures (TTPs) are the “patterns of activities or methods associated with a specific threat actor or
group of threat actors,” according to the Definitive Guide to Cyber Threat Intelligence.
• Analysis of TTPs aids counterintelligence and security operations by describing how threat actors perform attacks: how they
orchestrate, execute and manage their operations. (“Tactics” is also sometimes expanded as “tools” in the acronym.)
• Tactics describe the adversary's high-level goal (for example, gaining initial access), techniques the general method used to reach
it (for example, spear-phishing), and procedures the specific, repeatable way a given actor carries that method out.
TTP = https://www.optiv.com/explore-optiv-insights/blog/tactics-techniques-and-procedures-ttps-within-cyber-threat-intelligence
Monitoring and Investigation
• A SOC team proactively uses SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) tools to
monitor for suspicious and malicious activity on the network and on endpoints. Imagine being a firefighter facing a multi-alarm fire:
one-alarm, two-alarm and three-alarm fires classify the seriousness of the fire, which in our case is the threat.
• As a Security Analyst, you will learn how to prioritise alerts by their severity level: Low, Medium, High, and Critical.
• You work the queue from the highest level (Critical) down to the lowest (Low).
• Having properly configured security monitoring tools in place gives you the best chance to mitigate the threat.
• Junior Security Analysts play a crucial role in the investigation procedure. They triage the incoming alerts by exploring and
understanding how a given attack works, and stop it before damage is done where they can.
Reference – What is SIEM? - https://www.trellix.com/security-awareness/operations/what-is-siem/
What Is Endpoint Detection and Response? –
https://www.trellix.com/security-awareness/endpoint/what-is-endpoint-detection-and-response/
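The SLA table and the prioritisation rule above (Critical first, Low last) are the two inputs a Tier 1 analyst's queue is built from. The script below is an added example, not code from the original presentation, that puts both together in Python: it derives each alert's SLA deadline from the table, orders the open alerts in the sequence an analyst should pick them up, and flags every alert whose SLA was missed. The alert identifiers and timestamps are constructed sample data, and the assumption that the SLA clock runs from alert creation to the first analyst action is the example's own.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# SLA per severity, copied from the slide's table. Assumption: the SLA
# clock runs from alert creation until the first analyst action.
SLA: Dict[str, timedelta] = {
    "Critical": timedelta(minutes=15),
    "High": timedelta(hours=1),
    "Medium": timedelta(hours=12),
    "Low": timedelta(hours=24),
}
# Queue rank: Critical is worked first, Low last.
SEVERITY_RANK: Dict[str, int] = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass(frozen=True)
class Alert:
    alert_id: str                            # hypothetical ticket identifier
    severity: str                            # one of the keys of SLA
    created: datetime                        # when the SIEM raised the alert (UTC)
    acknowledged: Optional[datetime] = None  # first analyst action, None if still open

    def deadline(self) -> datetime:
        if self.severity not in SLA:
            raise ValueError(f"unknown severity {self.severity!r}")
        return self.created + SLA[self.severity]

    def remaining(self, now: datetime) -> timedelta:
        """Time left before the SLA deadline; negative once it has passed."""
        return self.deadline() - now

    def breached(self, now: datetime) -> bool:
        """True if the first action came (or, if still open, would come) after the deadline."""
        first_action = self.acknowledged if self.acknowledged is not None else now
        return first_action > self.deadline()


def triage_order(alerts: List[Alert], now: datetime) -> List[Alert]:
    """Open alerts in the order an analyst should pick them up:
    highest severity first, then the one closest to (or furthest past) its deadline."""
    open_alerts = [a for a in alerts if a.acknowledged is None]
    return sorted(open_alerts, key=lambda a: (SEVERITY_RANK[a.severity], a.remaining(now)))


def breached_ids(alerts: List[Alert], now: datetime) -> List[str]:
    """IDs of every alert, open or closed, whose SLA was missed."""
    return [a.alert_id for a in alerts if a.breached(now)]


# Constructed sample data: "now" is fixed so the results are reproducible.
NOW = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    Alert("A1", "Critical", NOW - timedelta(minutes=10)),                          # 5 min left
    Alert("A2", "Critical", NOW - timedelta(minutes=20)),                          # 5 min over, still open
    Alert("A3", "High", NOW - timedelta(minutes=30)),                              # 30 min left
    Alert("A4", "Low", NOW - timedelta(hours=2), NOW - timedelta(hours=1)),        # closed within SLA
    Alert("A5", "Medium", NOW - timedelta(hours=14)),                              # 2 h over, still open
    Alert("A6", "High", NOW - timedelta(minutes=90), NOW - timedelta(minutes=15)), # closed 15 min late
]

if __name__ == "__main__":
    for a in triage_order(SAMPLE_ALERTS, NOW):
        mins = int(a.remaining(NOW).total_seconds() // 60)
        print(f"{a.alert_id} {a.severity:<8} {mins:+5d} min  breached={a.breached(NOW)}")
    print("breached:", breached_ids(SAMPLE_ALERTS, NOW))
```

Within one severity the queue is ordered by time remaining, so an already-breached Critical alert sits above one that still has a few minutes; a closed alert still counts as breached when it was acknowledged after its deadline, which is what an SLA report has to measure rather than just what is open right now.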
Monitoring and Investigation
• During the investigation, it is important to ask "How? When? And why?". Security Analysts find the answers by drilling down into the
log data and alerts, in combination with open-source tools, which we will have a chance to explore later in this path.
Response
• After the investigation, the SOC team coordinates and takes action on the compromised hosts: isolating them from the network,
terminating the malicious processes, deleting malicious files, and more.

Security Operations Center Analyst Presentation
