Analysis | Techniques | Tools
Similar Posts
Cyber Analysis 102
Endpoint Analysis & Asset Investigation — L1 SOC Analyst Guide Overview This guide covers the initial steps for investigating endpoint alerts for the L1 Analyst onboarding. The focus is on determining whether a known malicious hash exists in the environment and identifying the affected device and its user. By the end of this section you…
VirusTotal — Tool Overview
What is VirusTotal? VirusTotal is a free, web-based threat intelligence service that aggregates results from over 70 antivirus engines, URL scanners, and security vendors to analyze suspicious files, hashes, URLs, IP addresses, and domains. It is widely used across the security community as a quick and reliable reference point during threat investigations. No account or…
The Triple Punch
Standard Endpoint Investigation Workflow Objective: To determine if a file is safe or malicious, find out who has it, and confirm if security controls (Antivirus) took action. Punch 1: The Inventory Hunt (Scope & Presence) Punch 2: The Reputation Check (Global Intel) Punch 3: The Log Audit (Security Action) Investigation Summary Checklist
Tanium — Tool Overview
What is Tanium? Tanium is an enterprise endpoint management and security platform that enables real-time visibility and control across every device in the environment. Unlike traditional security tools that rely on scheduled scans or passive data collection, Tanium queries endpoints directly and returns results in real time. For SOC analysts, this means the ability to…
Standard Endpoint Investigation
Objective: Determine the distribution of a specific file across the environment to establish a baseline for the investigation. Exercise Note: For this instructional walkthrough, a Standard Reference MD5 Hash is utilized. This allows the Analyst to practice the workflow using a known, high-incidence file to ensure the system and parameters are responding as expected. Step…
Axonius — Tool Overview
What is Axonius? Axonius is a Cyber Asset Attack Surface Management (CAASM) platform that aggregates and correlates device and user data from across the organization’s existing security and IT tools. Rather than replacing existing tools, Axonius continuously normalizes, deduplicates, and enriches aggregated asset data to provide a complete and accurate picture of the entire technology…