Presentation: SIEM SOC Operation Analysts Tools P1

Khaledboufnina 107 views 39 slides Jun 30, 2024

About This Presentation

Operation Analysts Tools P1
Module 1: Introduction to SIEM Done
Module 2: Network Threats Done
Module 3: SIEM Architecture Done
Module 4: SIEM Deployment with all Components Done
Module 5: Logs and Events Done
Module 6: Event Collection and Event Correlation Done
Module 7: Correlation Rules Done
Mod...


Slide Content

Ali Ali
SIEM SOC Operation Analysts Tools P1

SIEM Training Course
Training Hrs. | Module Description
Done | Module 1: Introduction to SIEM
Done | Module 2: Network Threats
Done | Module 3: SIEM Architecture
Done | Module 4: SIEM Deployment with all Components
Done | Module 5: Logs and Events
Done | Module 6: Event Collection and Event Correlation
Done | Module 7: Correlation Rules
Done | Module 8: Forensically Ready Data
Done | Module 9: Intrusion Detection, Prevention, and Tolerance
Done | Module 10: Properties of a Robust SIEM
Done | Module 11: Up and Running Wazuh SIEM
Done | Module 12: Using the Web Interface
Done | Module 13: Configuring Sensor, Logger, and Server
Done | Module 14: Configuring Network Inventory
Done | Module 15: Configuring Vulnerability Scanning
Done | Module 16: Configuring Signature Updates
Done | Module 17: Policy Management
Done | Module 18: Configuring Tickets
Done | Module 19: Introduction to e-search
Done | Module 20: Overview of Machine Data
Done | Module 21: How SIEM Works with Machine Data
Done | Module 22: Developing and Building New Rules
Done | Module 23: Searching and Saving Results
Done | Module 24: Creating Reports and Visualizations
Done | Module 25: Intrusion Detection with Suricata
Done | Module 26: Digging Deep with Reading Machine Data
Done | Module 27: Expanding SIEM with New Assets
Done | Module 28: Operation Drills: simulating real attack scenarios and defense countermeasures based on operation roles and procedures
Done | Module 29: Security Operation Center (SOC)
In Progress | Module 30: SOC Policies and Procedures
2 | Module 31: Threat Intelligence
2 | Module 32: Incident Response
2 | Module 33: Vulnerability Management
2 | Module 34: Network Security Monitoring
8 | Module 35: Use Cases

The Content
1. Investigation Tools
2. Reputation Tools
3. Sandboxes
4. Malware Analysis Tools
5. Vulnerability Management Tools
6. Network Security Tools
7. Web Security Tools
8. Endpoint Security Tools
9. Forensics Tools
10. Threat Intelligence Tools

SIEM SOC Analysts
Investigation Tools
1. Snort: An open-source, free, widely used network intrusion detection system (IDS) that
can also act as an intrusion prevention system (IPS). Its main functions are:
•Detecting and blocking network attacks
•Monitoring network traffic for suspicious activity
•Detecting and blocking malware

2. TheHive: A scalable, open-source and free security incident response platform
designed to make life easier for SOCs, CSIRTs, and CERTs

3. Autopsy: A GUI-based open-source digital forensics program for analyzing and
investigating hard drives and smartphones efficiently

4. Process Hacker: Provides detailed system information and monitoring of system
resources on Windows, plus debugging and malware detection

5. BrowsingHistoryView: Aggregates and displays the browsing history from
multiple browsers in one interface

Reputation Tools
1. MISP (Malware Information Sharing Platform & Threat Sharing): An open-
source software solution for collecting, storing, distributing, and sharing
cybersecurity indicators and threat information about cybersecurity incidents

2. Abuse.ch: Offers various threat intelligence feeds, including URLhaus, which is a
project that collects and shares URLs related to malware distribution sites

3. VirusTotal: You can search both IP addresses and file hashes in the VT database and
find relationships between suspicious IPs and files

4. AbuseIPDB: A tool that allows users to check whether an IP address has been reported
for suspicious activity. It is a valuable resource for verifying whether an IP address
found in firewall logs has a history of malicious behavior

5. Cisco Talos: Cisco's threat intelligence organization, which provides a
comprehensive real-time threat detection network. It spans web requests, emails,
malware samples, open-source data sets, endpoint intelligence, and network
intrusions. Talos offers a reputation center where you can look up websites, URLs,
and IP addresses to check their reputation and related threat intelligence

Sandbox Tools
Sandbox:
Allows the user to create a "virtual playground" in which any application you
allow to run on your computer is sandboxed, so that any viruses or other potentially
harmful programs it contains cannot reach the rest of the system. Each application can
also have a unique profile that determines how it works
1. Sandboxie: An open-source tool for creating isolated sandbox environments on
Windows

2. Comodo Firewall: Comes with an integrated sandbox feature to isolate
suspicious files

3. urlscan.io: A sandbox tool that allows users to scan and analyze websites to
detect and investigate potentially malicious behavior. It provides detailed information
about the HTTP requests, redirects, and domains involved in serving a web page

4. ANY.RUN: An interactive online malware sandbox service that allows for real-
time interaction, network tracking, process monitoring, and behavior graphing. It
provides a community-driven threat intelligence database and allows users to
analyze malware in a secure and convenient way

Malware Analysis Tools
1. capa: Detects capabilities in executable files, helping to identify what a program
can do

2. FLARE Obfuscated String Solver (FLOSS): Uses static analysis to deobfuscate
strings from malware binaries

3. Ghidra: A software reverse engineering framework created by the NSA, useful
for analyzing compiled code

4. Malcom: Analyzes network communication and cross-references it with known
malware sources

5. MXToolBox: Helpful for spoofing analysis during phishing campaign analysis, since
you can compare the SMTP addresses

6. Koodous: A collaborative platform for Android malware analysis that combines
online analysis tools with social interaction between analysts. It provides a vast
repository of APKs for research and an Android app for real-time protection against
threats

Vulnerability Management Tools
1. Nmap: A network discovery and security auditing tool widely used for network
inventory, managing service upgrade schedules, and monitoring host or service
uptime

2. OpenVAS: The Open Vulnerability Assessment System, a framework of several
services and tools offering a comprehensive and powerful vulnerability scanning
and vulnerability management solution

3. ZAP (Zed Attack Proxy): An open-source web application security scanner
designed to find security vulnerabilities in web applications

Network Security Tools
1. Kismet: A network detector, packet sniffer, and intrusion detection system for
802.11 wireless LANs

2. Suricata: A high-performance Network IDS, IPS, and Network Security
Monitoring engine

Web Security Tools
1. OWASP ZAP (Zed Attack Proxy): An open-source web application security
scanner

2. Wapiti: A command-line application that scans web applications for security
vulnerabilities

Endpoint Security Tools
1. OSSEC: An open-source host-based intrusion detection system that performs log
analysis, file integrity checking, policy monitoring, rootkit detection, real-time
alerting, and active response

Forensics Tools
1. Volatility: An advanced memory forensics framework

2. SIFT (SANS Investigative Forensic Toolkit): A suite of forensic tools designed
to perform detailed digital forensic examinations in a variety of settings

Threat Intelligence Tools
1. YARA: A tool aimed at helping malware researchers identify and classify
malware samples

2. MITRE ATT&CK: Although not a tool, it is a globally accessible knowledge base
of adversary tactics and techniques

It’s NOT BUSINESS, It’s Very PERSONAL

Questions