-
Book Overview & Buying
-
Table Of Contents
-
Feedback & Rating
Effective Threat Investigation for SOC Analysts
By :
Effective Threat Investigation for SOC Analysts
By:
Overview of this book
Effective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It's a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills.
The book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you’ll learn how to detect and investigate attackers' techniques and malicious activities within Windows environments. As you make progress, you’ll find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You’ll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis.
By the end of this book, you’ll have learned how to analyze popular systems and security appliance logs that exist in any environment and explore various attackers' techniques to detect and investigate them with ease.
Table of Contents (22 chapters)
Preface
Part 1: Email Investigation Techniques
Free Chapter
Chapter 1: Investigating Email Threats
Chapter 2: Email Flow and Header Analysis
Part 2: Investigating Windows Threats by Using Event Logs
Chapter 3: Introduction to Windows Event Logs
Chapter 4: Tracking Accounts Login and Management
Chapter 5: Investigating Suspicious Process Execution Using Windows Event Logs
Chapter 6: Investigating PowerShell Event Logs
Chapter 7: Investigating Persistence and Lateral Movement Using Windows Event Logs
Part 3: Investigating Network Threats by Using Firewall and Proxy Logs
Chapter 8: Network Firewall Logs Analysis
Chapter 9: Investigating Cyber Threats by Using the Firewall Logs
Chapter 10: Web Proxy Logs Analysis
Chapter 11: Investigating Suspicious Outbound Communications (C&C Communications) by Using Proxy Logs
Part 4: Investigating Other Threats and Leveraging External Sources to Investigate Cyber Threats
Chapter 12: Investigating External Threats
Chapter 13: Investigating Network Flows and Security Solutions Alerts
Chapter 14: Threat Intelligence in a SOC Analyst’s Day
Chapter 15: Malware Sandboxing – Building a Malware Sandbox
Index
Customer Reviews
