-
Book Overview & Buying
-
Table Of Contents
-
Feedback & Rating

Effective Threat Investigation for SOC Analysts
By :

During this part of the book’s chapters, we will use the Mordor security dataset and The Hunting ELK (HELK) SIEM solution to analyze Windows event logs and intrusions and adversaries’ techniques. Mordor security is a dataset of pre-recorded security events generated by simulated adversarial techniques. To explore and learn more about the available datasets, follow this link: https://securitydatasets.com/introduction.html. HELK is an open source SIEM solution, which we will use to ingest and explore Mordor dataset events; for more information about HELK, follow this link: https://github.com/Cyb3rWard0g/HELK.
By using both the Mordor datasets and HELK SIEM solution, we will analyze the possible Windows event logs in order to profile users’ activities, investigating attacker techniques such as execution, persistence, enumeration, defense evasion, and lateral movement techniques.
Although you are not required...
Change the font size
Change margin width
Change background colour