😊Welcome to CyLabs
101 Series
Introduction to Cyber Security Operations
Cyber Security Assessment
Cybersecurity Frameworks and Standards
Security Domains
Operational Security
Industry Specific Security:Case Studies
- Aviation Security
  - The Integral Role of Airports in National Security : Operations Perspective
  - Cyber Attacks on Airports
  - Navigating the Complex Web of Airport Operations: Key Components and Leading Industry Providers
- Aviation Security
Computational Science
- Quantum Computing
  - Quantum Computing: Unleashing the Power of Qubits
- Probability
Data Engineering
AI/ML and Data Science
Application Development
- Django
Radom Topics :)
- CSA WAI
CISSP

Powered by GitBook

On this page

Operational Security

SOC/SOAR

PreviousEndpoint Management NextThreat hunting scenarios

Last updated 1 year ago

Was this helpful?

CtrlK

Was this helpful?

Security Operations Center Operations

Wazuh

- HIDS

- OSSEC

MISP

- Threat Intellegence

Zeek/Suricata/Snort

- IDS/IPS

PFSense

- Firewall

Building blocks SOC

People
- SOC Analyst
- Incident Responders
- Threat Hunters
- SOC Managers
- IT Security/ Compliance/Auditor
- Security Architects
Process
- Robust
- Repeatable playbooks
- Guidance with consistency
Technology
- Data Collection
- - Log Sources

Types of SOC's

Proactive SOC
Reactive SOC

SOC Operations

Log Sources
- Access Logs
- - System Activity logs
  - FTP server logs
  - Program execution error logs
  - Database query logs
  - Webserver access logs
  - Examples
  - AD, DC, Azure, Apache, Database logs
Log Management
- NIST SP 800-92 guidelines
- System Logs
- Network Logs

Alert Management
- Prioritize True Positives
- Discard False Positives
- Triage the alert
- Resolve

Prevention
- Implementing preventive approach
Detection
- Unusual traffic
Incident Management
- Threat Analysis
- How it disrupt organization operations
Incident Response
- Resolving the issue
- Creating the new detection Rules
Compliance Management
- Industry and Government compliance and regulations
- Application standards
- Protocol Usage

SOC Functions

Threat Detection
Threat Mitigation
Threat Monitoring
Threat Hunting
Troubleshooting the configuration and operational issues
Incident Investigation
Incident Forensics
Industry and government compliance auditing

Few queriers

HTTP status codes
User login country
Application used to login
Request data file
Most clicked links
Most downloaded files
HTTP GET requests
Long tail analysis
- Source IP
- Destination IP
- Destination Port

Periodical updates of Rules/TTP's

Data Management

Threat Detection

Threat Analytics

Log Generation, Transmitting, Storing, Analyzing and Disposing

geolocations

Protocol

Username

Resource

HTTP methods

Status codes

URI query

HTTP request header parse all the parameters useful for analysis