Security Operation Center - Level 1
This is my first day of learning SOC.
SOC L1 is the first line of defence in an organization. A SOC exists to minimize "Dwell Time" (the time an attacker stays hidden in the network or system). Without a SOC, breaches are discovered by customers
1. In-House (Internal) SOC - A company builds and runs its own SOC internally using its own people, tools and processes.
2. Outsourced/Managed SOC (MSP/MSSP) - A third-party security company (MSSP) provides
TTPs describe how an attacker thinks, acts and operates during a cyber attack. If an Indicator of Compromise (IOC) tells you what happened, TTPs tell you how and why it happened. SOC analysts use TTPs to:
1. Cyber Kill Chain framework - The Cyber Kill Chain is a foundational cybersecurity framework developed by Lockheed Martin that models the stages of a cyber attack. It is a linear model based on atta