SOC Analyst.pdf all about being SOC analyst

mutambiranwaamanda 7 views 8 slides Sep 10, 2025

About This Presentation

It is a PDF that guides one on how to be a SOC analyst.


Slide Content

SOC Analyst

SIM stands for Security Information Management.
SEM stands for Security Event Management.
SIEM stands for Security Information and Event Management.

SIEM is used for
1) Log collection
2) Log aggregation
3) Rule based alerts
4) Artificial intelligence
5) Response
6) Parsing
7) Normalization
8) Categorization
9) Enrichment
10) Indexing
11) Storage

EDR stands for Endpoint Detection and Response.
EDR collects from only a single source, unlike SIEM, which collects from multiple sources.

EDR Architecture (diagram: Endpoint)

EDR is used for
1) Real-time continuous monitoring (online/offline)
2) Endpoint data collection
3) Signature-less detection
4) Rules based automated response (real-time)

EDR is collecting
1) Network connections
2) Process execution
3) Registry modification
4) Running processes
5) Process events

SOC stands for Security Operations Centre.

SOC is used for
1) Network monitoring
2) Investigating alerts
3) Responding to incidents

Technologies used in SOC
1) SIEM
2) EDR - Endpoint Detection and Response
3) TIP - Threat Intelligence Platform
4) SOAR - Security Orchestration, Automation and Response
5) Ticketing system - ServiceNow / Jira
6) MDR - Managed Detection and Response
Tasks of an L1 SOC Analyst
1) Alert triage
2) 1st line of defense
3) Identifying anomalies
4) Raising requests for whitelists
5) Performing investigation

Tasks of an L2 SOC Analyst
1) Monitoring alerts
2) Threat hunting
3) Resource monitoring
4) Creating and approving whitelists
5) Handling escalations

Tasks of an L3 SOC Analyst
1) Client onboarding
2) Incident management
3) Reports and documentation
4) Stakeholder communication (technical)

Security technologies used in SOAR
1) Ticketing
2) [illegible]
3) [illegible]
4) EDR
5) [illegible]
6) Email and web gateways
7) [illegible] security
8) Vulnerability management
9) Cloud tools
10) IAM / PAM

Automation to protect the environment
1) Triage
2) Enrichment
3) TI gathering
4) Validation across detection tools
5) Close false positives
6) Email users
7) Block IOCs
8) Alert administrator

NIST Incident Response Framework
1) Preparation
2) Detection and Analysis
3) Containment, Eradication and Recovery
4) Post-Incident Activity

SANS Incident Response Framework
1) Preparation
2) Identification
3) Containment
4) Eradication
5) Recovery

Eradication is used for
1) Removing artifacts
2) Identifying all hosts
3) Updating configuration
4) Patches
5) Documentation

Recovery
1) Restoration
2) Normal operations
3) Activities
4) Monitoring
5) Documentation
6) Prevent reinfection

Lessons learned
1) Meeting
2) [illegible]
3) Way forward
4) Documentation

Websites to practice
1) CyberDefenders
2) Blue Team Labs
3) LetsDefend

CyberDefenders
For network security we can use
1) WebStrike
2) HawkEye
3) [illegible]
For malware analysis
1) [illegible]
2) MalDoc101
3) Obfuscated
Blue Team Labs
For network analysis
1) Webshell
2) Ransomware
3) Malware Compromise
For endpoint
1) Sysmon
2) Bruteforce
3) Compromised WordPress
For malware
1) Ransomware Script
2) Melissa
3) ILOVEYOU
For phishing analysis
1) Phishing Analysis 1 and 2
LetsDefend
For malware
1) PowerShell Script
2) [illegible] Analysis
For phishing
1) Phishing Email
2) Email Analysis
For endpoint
1) Investigate Web Attack
2) Conti Ransomware
For network
1) Port Scan Activity
2) Infection with Cobalt Strike