Building SOC 101:

SOC Tools: a review of the essential security monitoring tools you'll need to build a successful SOC.

In this thread, we’ll learn the details of these SOC tools & technologies 🧵

#infosec #cybersecurity #Pentesting #informationsecurity #hacking #CISSP
The essential SOC capabilities include:

1. Asset discovery
2. Vulnerability assessment
3. Behavioral monitoring
4. #Intrusion_detection
5. #SIEM
1. Asset Discovery:

- Knowing what's on your network is the first step in protecting what's on your network.

- You need to know what systems exist (laptops, servers, etc.) as well as what's installed and running on those systems: apps, services, and listening ports. An inventory you never re-check goes stale the day someone plugs in a box you didn't know about.
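One way to put this into practice, as an added example that is not code from the original thread: parse nmap greppable (-oG) output into an asset list and diff it against the inventory you think you have. The scan output, hostnames, addresses and the inventory below are all constructed for the example.

```python
"""Asset discovery: turn a scan into an inventory diff.

Added example, not code from the original thread. Parses nmap greppable
(-oG) output for hosts that are up and the ports they expose, then compares
the result against a known-asset inventory so that unknown hosts, unexpected
listening services and vanished hosts stand out. Addresses, hostnames and the
inventory are constructed for the example.
"""
import re
from dataclasses import dataclass, field

# Constructed nmap -oG output. The real thing comes from e.g.
#   nmap -sV -oG scan.gnmap 10.0.0.0/29
# Fields in a port entry are port/state/proto/owner/service/rpc/version/.
SCAN_OUTPUT = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 10.0.0.0/29
Host: 10.0.0.5 (web01.corp.example)\tStatus: Up
Host: 10.0.0.5 (web01.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//https//nginx 1.24/\tIgnored State: closed (998)
Host: 10.0.0.6 (db01.corp.example)\tStatus: Up
Host: 10.0.0.6 (db01.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 5432/open/tcp//postgresql//PostgreSQL 14/, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
Host: 10.0.0.7 ()\tStatus: Up
Host: 10.0.0.7 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (999)
# Nmap done
"""

# Known-asset inventory (constructed): address -> ports expected to listen.
INVENTORY = {
    "10.0.0.5": {22, 443},
    "10.0.0.6": {22, 5432},
    "10.0.0.8": {22},          # an asset the scan did not see at all
}

_PORTS_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\t|$)")


@dataclass
class Asset:
    address: str
    hostname: str
    ports: dict = field(default_factory=dict)  # port -> (service, version)


def parse_greppable(text: str) -> dict:
    """Return {address: Asset} for every host that has a 'Ports:' record."""
    assets = {}
    for line in text.splitlines():
        m = _PORTS_LINE.match(line)
        if not m:
            continue
        addr, name, ports_blob = m.groups()
        asset = assets.setdefault(addr, Asset(addr, name))
        for entry in ports_blob.split(", "):
            f = entry.split("/")
            if len(f) < 7 or f[1] != "open":   # ignore filtered/closed entries
                continue
            asset.ports[int(f[0])] = (f[4], f[6])
    return assets


def compare_to_inventory(assets: dict, inventory: dict) -> list:
    """Findings as (kind, address, ports), sorted so output is stable and diffable."""
    findings = []
    for addr, asset in sorted(assets.items()):
        if addr not in inventory:
            findings.append(("unknown-host", addr, sorted(asset.ports)))
            continue
        extra = sorted(set(asset.ports) - inventory[addr])
        if extra:
            findings.append(("unexpected-port", addr, extra))
    for addr in sorted(set(inventory) - set(assets)):
        findings.append(("missing-host", addr, []))   # decommissioned, down, or now firewalled
    return findings


def run() -> list:
    assets = parse_greppable(SCAN_OUTPUT)
    findings = compare_to_inventory(assets, INVENTORY)
    for kind, addr, ports in findings:
        name = assets[addr].hostname if addr in assets else "?"
        print(f"{kind:16} {addr:12} {name or '(no rDNS)':22} {ports}")
    return findings


if __name__ == "__main__":
    run()
```

Run it against a saved `-oG` file on a schedule and keep the findings: a host that appears with no reverse DNS and an RDP port, or a database server that grows a port 8080, is exactly the kind of exception the later sections are about.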
2. Vulnerability Assessment

- Vulnerabilities are the cracks an attacker uses to get into your networks, apps, devices, and systems; everything an attacker can reach is your "attack surface".

- New vulnerabilities open up when you least expect them (a newly published flaw, a misconfiguration, a forgotten host), which is why you must assess your entire network for vulnerabilities continually rather than as a one-off.

- Additionally, you may be subject to contractual and regulatory mandates (e.g. PCI DSS, SOX, etc.) that require regular vulnerability assessment.
3. Behavioral Monitoring

- At its most basic level, effective security monitoring comes down to exception management.

- Creating a baseline of normal system and network behavior is the foundation for spotting anomalies.

- Which activities are exceptions to the norm? e.g. policy violations, error messages, spikes in outbound network activity, unexpected reboots, etc.

- Technologies used for behavioral monitoring:

1. Active service monitoring
2. #Netflow analysis
3. #Network_traffic_capture
4. Host-based intrusion detection (#HIDS)
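The "baseline, then flag the exception" idea applied to NetFlow, as an added example that is not code from the original thread: aggregate flow records into hourly outbound byte counts per internal host, learn a baseline from the history, and alert when the current hour is far outside it. The flow records, addresses, the "internal" prefix and the thresholds are all constructed assumptions for the example.

```python
"""Behavioral monitoring: per-host outbound baseline and spike detection.

Added example, not code from the original thread. Aggregates constructed
NetFlow-style records into hourly outbound byte counts per internal host,
learns a mean/standard-deviation baseline from the history, and flags the
current hour when it exceeds the baseline by `sigma` deviations. Addresses,
volumes and the 'internal' prefix are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

INTERNAL_PREFIX = "10.0.0."           # crude "is this one of ours" test (assumption)
START = datetime(2024, 1, 1, 0, 0)
CURRENT_HOUR = START + timedelta(hours=24)


def make_flows() -> list:
    """Constructed flow records (timestamp, src, dst, bytes); a collector would supply these."""
    flows = []
    for h in range(24):
        ts = START + timedelta(hours=h)
        # db01 ships 40-60 MB/h of backups to an external bucket: noisy but normal
        flows.append((ts, "10.0.0.6", "203.0.113.10", 40_000_000 + (h % 5) * 5_000_000))
        # web01 sends a small, steady trickle
        flows.append((ts, "10.0.0.5", "198.51.100.7", 2_000_000 + (h % 3) * 100_000))
        # inbound traffic is not outbound; it must not pollute the baseline
        flows.append((ts, "198.51.100.7", "10.0.0.5", 30_000_000))
    flows.append((CURRENT_HOUR, "10.0.0.6", "203.0.113.10", 50_000_000))  # within baseline
    flows.append((CURRENT_HOUR, "10.0.0.5", "192.0.2.99", 900_000_000))   # 900 MB to a new host
    return flows


def hourly_outbound(flows) -> dict:
    """{host: {hour: bytes}} counting only internal -> external flows."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, nbytes in flows:
        if src.startswith(INTERNAL_PREFIX) and not dst.startswith(INTERNAL_PREFIX):
            hour = ts.replace(minute=0, second=0, microsecond=0)
            buckets[src][hour] += nbytes
    return buckets


def detect_spikes(buckets, current_hour, sigma=3.0, min_history=12, floor=0.05) -> list:
    alerts = []
    for host, series in sorted(buckets.items()):
        history = [v for hour, v in series.items() if hour < current_hour]
        if len(history) < min_history:
            continue                       # no baseline yet: do not alert on guesswork
        mu = mean(history)
        # A perfectly flat history gives sd == 0 and would alert on a 1-byte change;
        # floor the deviation at a fraction of the mean.
        sd = max(pstdev(history), floor * mu)
        threshold = mu + sigma * sd
        observed = series.get(current_hour, 0)
        if observed > threshold:
            alerts.append({"host": host, "observed": observed,
                           "baseline_mean": round(mu), "threshold": round(threshold)})
    return alerts


def run() -> list:
    alerts = detect_spikes(hourly_outbound(make_flows()), CURRENT_HOUR)
    for a in alerts:
        print(f"{a['host']}: {a['observed']:,} B outbound vs baseline {a['baseline_mean']:,} B "
              f"(threshold {a['threshold']:,} B)")
    return alerts


if __name__ == "__main__":
    run()
```

The noisy backup host stays quiet because its baseline already includes the noise; the quiet web server lights up when it suddenly pushes 900 MB to an address it has never talked to. The `min_history` guard matters in practice: alerting on a host you have no baseline for only produces noise.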
4. Intrusion Detection System

- Detecting an intruder at the point of entry has the greatest impact on reducing system compromise and data leakage.

Intrusion Detection Systems (#IDS)

- One of the "must-have" SOC tools for identifying "known" attacks and "known" attacker activity using rule- and signature-based detection. The flip side: a signature only catches what someone has already written a rule for, which is why IDS is paired with the behavioral monitoring above.

An IDS deployment combines NIDS & HIDS:

- Network Intrusion Detection System (#NIDS): detects known attack patterns in traffic that indicate malicious activity, e.g. malware infections, policy violations, port scans, etc.

- Host-based Intrusion Detection System (#HIDS): analyzes system behavior and configuration on the host itself for signs of compromise.

This includes recognizing common #rootkits, detecting rogue processes, and detecting modifications to critical configuration files.
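The "detect modifications to critical configuration files" part of HIDS is file integrity monitoring, shown here as an added example that is not code from the original thread: take a baseline of hash, permissions and size for every file under a watched tree, then diff a later snapshot against it. The files, their contents and the tampering are constructed in a temporary directory so the script runs anywhere.

```python
"""HIDS-style file integrity monitoring.

Added example, not code from the original thread. Takes a baseline of SHA-256
hash, permission bits and size for every file under a "critical config" tree,
then compares a later snapshot against it to report modified, added and removed
files. The files, contents and the tampering are constructed in a temporary
directory so the script runs anywhere; real deployments watch /etc and friends
and keep the baseline somewhere the monitored host cannot rewrite it.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def file_fingerprint(path: Path) -> dict:
    """Content hash plus the metadata a HIDS typically tracks."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": oct(st.st_mode & 0o777), "size": st.st_size}


def snapshot(root: Path) -> dict:
    """{relative posix path: fingerprint} for every regular file under root."""
    return {p.relative_to(root).as_posix(): file_fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_snapshots(baseline: dict, current: dict) -> list:
    """Findings as (kind, path, changed_fields), sorted by path."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings.append(("removed", rel, None))
        elif rel not in baseline:
            findings.append(("added", rel, None))
        else:
            changed = [k for k in ("sha256", "mode", "size")
                       if baseline[rel][k] != current[rel][k]]
            if changed:
                findings.append(("modified", rel, changed))
    return findings


def run() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\nMaxAuthTries 3\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        os.chmod(root / "sudoers", 0o440)
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)

        # Constructed tampering, one case per finding type:
        # same-length edit (a size check alone would miss it), permission change,
        # a new ld.so.preload (a classic userland rootkit hook), a deleted file.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\nMaxAuthTries 9\n")
        os.chmod(root / "sudoers", 0o666)
        (root / "ld.so.preload").write_text("/tmp/.hidden/libevil.so\n")   # constructed path
        (root / "hosts").unlink()

        findings = diff_snapshots(baseline, snapshot(root))
    for kind, rel, changed in findings:
        print(f"{kind:9} {rel}" + (f"  ({', '.join(changed)})" if changed else ""))
    return findings


if __name__ == "__main__":
    run()
```

Two points the example is built to show: the sshd_config edit keeps the file size identical, so only the hash catches it; and a new `ld.so.preload` is a file that simply should not appear, which is why "added" is a finding and not just "modified".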
5. SIEM – Security Information & Event Management

SIEM tools are a core foundation for building a SOC because they apply dynamic correlation rules (i.e. correlation directives) against a mountain of disparate and varied event log data.

- When a correlation directive triggers an alarm, the event and the activity behind it are classified according to an event taxonomy based on a simplified version of Lockheed Martin's Cyber Kill Chain (an industry standard).

This classification lets SOC analysts prioritize which alarms to focus on, so they can investigate and respond quickly.
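What a correlation directive actually does, as an added example that is not code from the original thread and not any vendor's rule format: normalise raw log lines into events, look for multi-event patterns per source, and tag each alarm with a kill-chain stage so the one furthest along the chain is handled first. The log lines, hosts, addresses, thresholds and windows are constructed assumptions for the example.

```python
"""SIEM-style correlation directives with kill-chain classification.

Added example, not code from the original thread and not any vendor's rule
format. Normalises constructed syslog lines into events, runs two correlation
directives over them (a port scan, and a burst of failed logins followed by a
success from the same source), tags each alarm with a Lockheed Martin kill-chain
stage, and sorts alarms so the later-stage one is handled first. Hostnames,
addresses, thresholds and windows are assumptions for the example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

# Constructed logs: 198.51.100.23 probes 12 ports on web01, then brute-forces
# SSH and gets in as admin; 10.0.0.40 mistypes a password once and logs in.
RAW_LOGS = [f"Jan 10 09:00:{i:02d} fw01 kernel: DENY IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP DPT={p}"
            for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3306, 3389, 8080])]
RAW_LOGS += [f"Jan 10 09:05:{10 + 2 * i:02d} web01 sshd[{2210 + i}]: Failed password for admin "
             f"from 198.51.100.23 port {51122 + i} ssh2" for i in range(6)]
RAW_LOGS += [
    "Jan 10 09:05:30 web01 sshd[2240]: Accepted password for admin from 198.51.100.23 port 51130 ssh2",
    "Jan 10 09:07:00 web01 sshd[2300]: Failed password for bob from 10.0.0.40 port 40001 ssh2",
    "Jan 10 09:07:05 web01 sshd[2301]: Accepted password for bob from 10.0.0.40 port 40002 ssh2",
]

_TS = r"(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2})"
_SSH = re.compile(_TS + r" \S+ sshd\[\d+\]: (?P<res>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
_FW = re.compile(_TS + r" \S+ kernel: DENY .*SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    kind: str      # "ssh_fail" | "ssh_ok" | "fw_deny"
    detail: str    # user name or destination port


@dataclass
class Alarm:
    name: str
    stage: str
    src: str
    ts: datetime
    detail: str = ""


def _stamp(text, year):
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def parse(lines, year=2024) -> list:
    """Normalise raw lines into Events; syslog has no year, so one is assumed."""
    events = []
    for line in lines:
        if m := _SSH.match(line):
            kind = "ssh_fail" if m["res"] == "Failed" else "ssh_ok"
            events.append(Event(_stamp(m["ts"], year), m["src"], kind, m["user"]))
        elif m := _FW.match(line):
            events.append(Event(_stamp(m["ts"], year), m["src"], "fw_deny", m["dpt"]))
    return sorted(events, key=lambda e: e.ts)


def correlate(events, window=timedelta(seconds=120), scan_ports=10, fail_count=5) -> list:
    alarms = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)
    for src, evs in by_src.items():
        # Directive 1: >= scan_ports distinct denied destination ports within the window.
        denies = [e for e in evs if e.kind == "fw_deny"]
        for i, first in enumerate(denies):
            ports = {e.detail for e in denies[i:] if e.ts - first.ts <= window}
            if len(ports) >= scan_ports:
                alarms.append(Alarm("Port scan", "Reconnaissance", src, first.ts, f"ports={len(ports)}"))
                break
        # Directive 2: >= fail_count failures in the window before a success from the same source.
        fails = [e for e in evs if e.kind == "ssh_fail"]
        for ok in (e for e in evs if e.kind == "ssh_ok"):
            recent = [f for f in fails if ok.ts - window <= f.ts < ok.ts]
            if len(recent) >= fail_count:
                alarms.append(Alarm("Brute force followed by successful login", "Exploitation",
                                    src, ok.ts, f"user={ok.detail} failures={len(recent)}"))
                break
    # Later kill-chain stage = attacker is further along = investigate first.
    return sorted(alarms, key=lambda a: KILL_CHAIN.index(a.stage), reverse=True)


def run() -> list:
    alarms = correlate(parse(RAW_LOGS))
    for a in alarms:
        print(f"[{a.stage}] {a.name} from {a.src} at {a.ts:%H:%M:%S} ({a.detail})")
    return alarms


if __name__ == "__main__":
    run()
```

Bob's single typo followed by a login produces nothing, because the directive needs a burst of failures, not one; the scanner's successful login sorts above its own port scan because Exploitation sits later in the chain than Reconnaissance. That ordering is the whole point of the taxonomy: the analyst opens the alarm that says "they are in" before the one that says "they looked".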

Thread by Khalil Afridi (@khalilApriday).