Similar Posts
ServiceNow (SNOW) — Tool Overview
What is ServiceNow? ServiceNow (commonly referred to as SNOW) is a cloud-based IT service management (ITSM) platform used to manage assets, users, incidents, and service requests across the organization. For SOC analysts, ServiceNow serves as a central source of truth for asset and personnel context during an investigation. Key Features Relevant to SOC Operations Asset…
Standard Endpoint Investigation
Objective: Determine the distribution of a specific file across the environment to establish a baseline for the investigation. Exercise Note: For this instructional walkthrough, a Standard Reference MD5 Hash is utilized. This allows the Analyst to practice the workflow using a known, high-incidence file to ensure the system and parameters are responding as expected. Step…
VirusTotal — Tool Overview
What is VirusTotal? VirusTotal is a free, web-based threat intelligence service that aggregates results from over 70 antivirus engines, URL scanners, and security vendors to analyze suspicious files, hashes, URLs, IP addresses, and domains. It is widely used across the security community as a quick and reliable reference point during threat investigations. No account or…
The Global Hunt (Tanium)
Goal: Use a “Fingerprint” (MD5 Hash) to see if a file is on any computer in the company. The “Checklist”
Cloud Computing
https://aws.amazon.com/compliance/shared-responsibility-model
DomainTools — Tool Overview
What is DomainTools? DomainTools is a domain and DNS-based cyber threat intelligence platform used by security teams to investigate suspicious domains, IP addresses, and internet infrastructure. It enables security practitioners to stop threats before they happen using internet intelligence data, detection and monitoring tools, and predictive risk scoring. For SOC analysts, DomainTools is primarily used…