Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Effective Threat Investigation for SOC Analysts
  • Table Of Contents Toc
  • Feedback & Rating feedback
Effective Threat Investigation for SOC Analysts

Effective Threat Investigation for SOC Analysts

By : Mostafa Yahia
4.8 (21)
close
close
Effective Threat Investigation for SOC Analysts

Effective Threat Investigation for SOC Analysts

4.8 (21)
By: Mostafa Yahia

Overview of this book

Effective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It's a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills. The book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you’ll learn how to detect and investigate attackers' techniques and malicious activities within Windows environments. As you make progress, you’ll find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You’ll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis. By the end of this book, you’ll have learned how to analyze popular systems and security appliance logs that exist in any environment and explore various attackers' techniques to detect and investigate them with ease.
Table of Contents (22 chapters)
close
close
1
Part 1: Email Investigation Techniques
4
Part 2: Investigating Windows Threats by Using Event Logs
10
Part 3: Investigating Network Threats by Using Firewall and Proxy Logs
15
Part 4: Investigating Other Threats and Leveraging External Sources to Investigate Cyber Threats

Preface

As we continue to rely more on technology, we are exposed to cyber threats that pose a significant risk to our security and privacy. In recent years, cyber-attacks have become increasingly sophisticated, making it more difficult for security professionals to identify and investigate them. This is particularly true for Security Operations Center (SOC) analysts who are responsible for detecting and responding to cyber threats.

Effective Threat Investigation for SOC Analysts is a comprehensive guide to help SOC analysts understand the techniques used by threat actors to achieve their objectives, including initial access, execution, persistence, lateral movement, Command and Control (C&C), and exfiltration. This book also explains how to detect and investigate cyber threats by analyzing most of the possible solutions and system logs that you may receive in your organization’s Security Information and Event Management (SIEM) solution, including email security logs, Windows event logs, proxy logs, firewall logs, security solution alerts, Web Application Firewall (WAF) logs, and more. By using this book, SOC analysts can gain the knowledge and skills they need to be better prepared to detect and investigate cyber threats in their organizations.

The book covers a range of topics, starting with an in-depth analysis of email-based cyber threats and the importance of email header analysis. It also delves into the specifics of Windows account login and management tracking, the investigation of suspicious Windows process executions, PowerShell attacks, and persistence and lateral movement techniques in the Windows environment by analyzing the various Windows logs.

The book provides valuable insights into how to detect and investigate security incidents using firewall logs, proxy logs, and analyzing suspicious outbound communications, including C&C communications. It also covers the importance of WAF and application logs in detecting and investigating external threats, including various types of web attacks and suspicious external access to remote services.

In addition, the book guides SOC analysts in detecting and investigating cyber threats using network flows, Intrusion Prevention Systems (IPS)/Intrusion Detection Systems (IDS) alerts, network antivirus, and sandbox alerts; also, it teaches the SOC analyst how to investigate Endpoint Detection and Response (EDR) and antivirus alerts. The book provides an overview of threat intelligence and its importance in investigating cyber threats. It covers several tools and platforms for investigating threats, including VirusTotal, IBM-XForce, AbuseIPDB, and Google.

Finally, the book provides a comprehensive practical guide for SOC analysts on building a malware sandbox environment to investigate suspicious files using static and dynamic malware analysis techniques.

We hope this book will be a valuable resource for SOC analysts and security professionals who are committed to protecting our digital world.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY