Effective Threat Investigation for SOC Analysts

eBook Details:

• Paperback: 314 pages
• Publisher: WOW! eBook (August 25, 2023)
• Language: English
• ISBN-10: 1837634785
• ISBN-13: 978-1837634781

eBook Description:

Effective Threat Investigation for SOC Analysts: Detect and investigate various cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources

Effective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It’s a crucial skill for Security Operation Center (SOC) analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills.

The book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you’ll learn how to detect and investigate attackers’ techniques and malicious activities within Windows environments. As you make progress, you’ll find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You’ll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis.

• Get familiarized with and investigate various threat types and attacker techniques
• Analyze email security solution logs and understand email flow and headers
• Find out how to analyze Microsoft event logs
• Practical investigation of the various Windows threats and attacks
• Analyze web proxy logs to investigate C&C communication attributes
• Understand web application firewall (WAF) logs and examine various external attacks
• Analyze FW logs and security alerts to investigate cyber threats
• Understand the role of CTI in investigation and identify potential threats

By the end of this Effective Threat Investigation for SOC Analysts book, you’ll have learned how to analyze popular systems and security appliance logs that exist in any environment and explore various attackers’ techniques to detect and investigate them with ease.