Similar Posts
Cyber Analysis 102
Endpoint Analysis & Asset Investigation — L1 SOC Analyst Guide
Overview: This guide covers the initial steps for investigating endpoint alerts for L1 analyst onboarding. The focus is on determining whether a known malicious hash exists in the environment and identifying the affected device and its user. By the end of this section you…
ServiceNow (SNOW) — Tool Overview
What is ServiceNow? ServiceNow (commonly referred to as SNOW) is a cloud-based IT service management (ITSM) platform used to manage assets, users, incidents, and service requests across the organization. For SOC analysts, ServiceNow serves as a central source of truth for asset and personnel context during an investigation. Key Features Relevant to SOC Operations Asset…
DomainTools — Tool Overview
What is DomainTools? DomainTools is a domain and DNS-based cyber threat intelligence platform used by security teams to investigate suspicious domains, IP addresses, and internet infrastructure. It is marketed as helping security practitioners stop threats before they happen using internet intelligence data (WHOIS, DNS and hosting history), detection and monitoring tools, and predictive risk scoring. For SOC analysts, DomainTools is primarily used…
The Global Hunt (Tanium)
Goal: Use a “Fingerprint” (MD5 hash) to check whether a file is present on any computer in the company. An MD5 is sufficient for matching a known sample against the environment, but because MD5 is collision-prone, confirm a hit with the SHA-256 when the intelligence source supplies one. The “Checklist”
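The hunt described above, done locally as an added example (this is not the post's own checklist and not Tanium code; Tanium is what would run this query across the fleet). It walks a constructed directory tree, hashes every file with both MD5 and SHA-256 in one pass, reports files whose MD5 is in the indicator set, and flags whether the SHA-256 also matched. The "malicious" sample file and its hashes are constructed here, not real indicators.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed sample content standing in for a known-bad file. Its hashes are
# computed below rather than typed in, so nothing here is a real malware indicator.
SAMPLE_BAD_CONTENT = b"MZ\x90\x00constructed-sample-not-real-malware\n"
SAMPLE_BENIGN_CONTENT = b"just a text file\n"


def file_hashes(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests, streaming so large files do not fill memory."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def hunt(root, ioc_md5, ioc_sha256=None):
    """Walk `root` and return files whose MD5 is in `ioc_md5`.

    When a SHA-256 set is supplied, each match records whether the SHA-256 also
    matched. An MD5 hit without SHA-256 confirmation is "probable", not
    confirmed, because MD5 is collision-prone.
    """
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                md5, sha256 = file_hashes(path)
            except OSError:
                continue  # locked or unreadable file: skip it, do not abort the hunt
            if md5 in ioc_md5:
                confirmed = ioc_sha256 is None or sha256 in ioc_sha256
                matches.append({
                    "path": str(path),
                    "md5": md5,
                    "sha256": sha256,
                    "sha256_confirmed": confirmed,
                })
    return matches


def known_bad_hashes():
    """Hashes of the constructed sample, playing the role of the intel-provided IOC."""
    return (hashlib.md5(SAMPLE_BAD_CONTENT).hexdigest(),
            hashlib.sha256(SAMPLE_BAD_CONTENT).hexdigest())


def build_sample_environment():
    """Create a constructed directory tree with one planted 'bad' file and return its root."""
    root = Path(tempfile.mkdtemp(prefix="hunt-demo-"))
    downloads = root / "Users" / "alice" / "Downloads"
    tool_dir = root / "Program Files" / "tool"
    downloads.mkdir(parents=True)
    tool_dir.mkdir(parents=True)
    (downloads / "invoice.exe").write_bytes(SAMPLE_BAD_CONTENT)
    (tool_dir / "readme.txt").write_bytes(SAMPLE_BENIGN_CONTENT)
    return root


def run_demo():
    """Plant the sample, hunt for it by MD5, and confirm by SHA-256."""
    root = build_sample_environment()
    bad_md5, bad_sha256 = known_bad_hashes()
    return hunt(root, {bad_md5}, {bad_sha256})


if __name__ == "__main__":
    for match in run_demo():
        print(match)
```

Keeping both digests in one read pass matters on real endpoints: hashing a file twice doubles disk I/O on every machine the hunt touches, and the SHA-256 is what you want in the ticket anyway.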
Tanium — Tool Overview
What is Tanium? Tanium is an enterprise endpoint management and security platform that provides real-time visibility and control across every device in the environment. Unlike traditional security tools that rely on scheduled scans or passive data collection, Tanium queries endpoints directly and returns results in real time; results only cover endpoints that are online and have the Tanium client installed, so an empty result is not proof of absence. For SOC analysts, this means the ability to…
Cyber Law
Cybersecurity Law Key Terms