Effective Threat Investigation for SOC Analysts
eBook - ePub

Effective Threat Investigation for SOC Analysts

The ultimate guide to examining various threats and attacker techniques using security logs

  1. 314 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Detect and investigate various cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources.

Purchase of the print or Kindle book includes a free PDF eBook.

Key Features

  • Understand and analyze various modern cyber threats and attackers' techniques
  • Gain in-depth knowledge of email security, Windows, firewall, proxy, WAF, and security solution logs
  • Explore popular cyber threat intelligence platforms to investigate suspicious artifacts

Book Description

Effective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It's a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills.

The book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you'll learn how to detect and investigate attackers' techniques and malicious activities within Windows environments. As you make progress, you'll find out how to analyze firewall, flow, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You'll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis.

By the end of this book, you'll have learned how to analyze popular system and security appliance logs that exist in any environment and explore various attackers' techniques to detect and investigate them with ease.

What you will learn

  • Get familiarized with and investigate various threat types and attacker techniques
  • Analyze email security solution logs and understand email flow and headers
  • Practically investigate various Windows threats and attacks
  • Analyze web proxy logs to investigate C&C communication attributes
  • Leverage WAF and FW logs and CTI to investigate various cyber attacks

Who this book is for

This book is for Security Operations Center (SOC) analysts, security professionals, cybersecurity incident investigators, incident handlers, incident responders, or anyone looking to explore attacker techniques and delve deeper into detecting and investigating attacks. If you want to efficiently detect and investigate cyberattacks by analyzing logs generated from different log sources, then this is the book for you. Basic knowledge of the cybersecurity and networking domains and entry-level security concepts is necessary to get the most out of this book.


Information

Year
2023
eBook ISBN
9781837638758

Table of contents

  1. Effective Threat Investigation for SOC Analysts
  2. Contributors
  3. Preface
  4. Part 1: Email Investigation Techniques
  5. 1
  6. 2
  7. Part 2: Investigating Windows Threats by Using Event Logs
  8. 3
  9. 4
  10. 5
  11. 6
  12. 7
  13. Part 3: Investigating Network Threats by Using Firewall and Proxy Logs
  14. 8
  15. 9
  16. 10
  17. 11
  18. Part 4: Investigating Other Threats and Leveraging External Sources to Investigate Cyber Threats
  19. 12
  20. 13
  21. 14
  22. 15
  23. Index
  24. Other Books You May Enjoy

Frequently asked questions

Yes, you can access Effective Threat Investigation for SOC Analysts by Mostafa Yahia in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over 1.5 million books available in our catalogue for you to explore.