
SOC Core Skills

Relish in the uncertainty





The last bootcamp of the month saw three analysts from Accenture's Cheltenham SOC, Sean, Ben, and Tom, come in to deliver the first of four SOC Core Skills bootcamps. We covered the structure of a SOC and the information sources an analyst may work with, from SIEMs, XDRs and SOARs to OSINT, out-of-office emails, and even DNS records.





They went on to tell us about different log files and formats: how they get aggregated, how they get filtered, what kinds of information they can contain, and how best to make use of them. Eric Zimmerman's EvtxECmd and Timeline Explorer were top of the list, the former for converting Windows event logs (EVTX) to CSV files, the latter for filtering those CSVs easily.




Last but certainly not least, they showed us how to think like an analyst: looking for anomalies in behaviours, finding important pieces of information, pivoting with those pieces into other data sources, and using probabilistic language when presenting our findings. A massive "Thank you!" from all of us to Ben Folland, Sean Nichol, and Tom Dinham for this peek behind the curtain and all the knowledge they imparted. We can't wait to learn more about finding "bad"!
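The two paragraphs above describe one workflow: export an event log to CSV, filter it, spot the behaviour that does not fit the baseline, pivot on that event into another source, and phrase the result in hedged language. The Python below is an added example that walks through that workflow; it is not from the bootcamp, the page, or Eric Zimmerman's tools. It consumes the kind of CSV that EvtxECmd produces (for example `EvtxECmd.exe -f Security.evtx --csv C:\out`), but both event sets here are constructed, the column subset (TimeCreated, EventId, Computer, MapDescription, UserName, RemoteHost, PayloadData1/2, ExecutableInfo) is assumed from EvtxECmd's export layout, and the "LogonType n" text in PayloadData2 is an assumption about how the map renders that field.

```python
"""Triage of an EvtxECmd-style CSV: filter, baseline, flag anomalies, pivot, report.

Added example, not the bootcamp's or EvtxECmd's own code. Column names are an
assumed subset of EvtxECmd's CSV export; all event rows are constructed.
"""
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of an EvtxECmd export of Security.evtx (column subset).
# Assumed: PayloadData2 holds "LogonType <n>" for 4624 events.
SECURITY_CSV = r"""TimeCreated,EventId,Computer,MapDescription,UserName,RemoteHost,PayloadData1,PayloadData2
2024-03-04 08:01:10,4624,WS01,Successful logon,CORP\alice,-,Target: CORP\alice,LogonType 2
2024-03-04 12:30:02,4624,WS01,Successful logon,CORP\alice,-,Target: CORP\alice,LogonType 2
2024-03-05 08:03:44,4624,WS01,Successful logon,CORP\alice,-,Target: CORP\alice,LogonType 2
2024-03-05 23:41:09,4624,WS01,Successful logon,CORP\alice,203.0.113.7,Target: CORP\alice,LogonType 10
2024-03-05 23:41:09,4672,WS01,Special privileges assigned,CORP\alice,-,Target: CORP\alice,
2024-03-04 03:00:00,4624,WS01,Successful logon,CORP\svc_backup,-,Target: CORP\svc_backup,LogonType 5
2024-03-05 03:00:00,4624,WS01,Successful logon,CORP\svc_backup,-,Target: CORP\svc_backup,LogonType 5
"""

# Constructed sample of an EvtxECmd export of process-creation events (4688).
# Assumed: ExecutableInfo carries the command line.
PROCESS_CSV = r"""TimeCreated,EventId,Computer,MapDescription,UserName,ExecutableInfo
2024-03-05 08:04:10,4688,WS01,Process creation,CORP\alice,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
2024-03-05 23:42:30,4688,WS01,Process creation,CORP\alice,powershell.exe -nop -w hidden -enc SQBFAFgA
2024-03-05 23:43:05,4688,WS01,Process creation,CORP\alice,C:\Windows\System32\whoami.exe /all
2024-03-06 09:00:00,4688,WS01,Process creation,CORP\alice,C:\Windows\explorer.exe
"""


def load_rows(text):
    """Parse EvtxECmd-style CSV text into one dict per event."""
    return list(csv.DictReader(io.StringIO(text.strip())))


def event_time(row):
    return datetime.strptime(row["TimeCreated"], "%Y-%m-%d %H:%M:%S")


def logon_type(row):
    """Return the numeric logon type, or None if the row carries none."""
    field = row.get("PayloadData2") or ""
    return int(field.split()[-1]) if field.startswith("LogonType") else None


def find_anomalous_logons(rows):
    """Flag 4624 events whose (user, logon type, source host) triple occurs only
    once, for users who otherwise have a baseline of repeated logons. A user
    with a single logon has no baseline, so a singleton there is not flagged."""
    logons = [r for r in rows if r["EventId"] == "4624"]

    def triple(r):
        return (r["UserName"], logon_type(r), r["RemoteHost"])

    triple_count = Counter(triple(r) for r in logons)
    user_count = Counter(r["UserName"] for r in logons)
    return [r for r in logons
            if triple_count[triple(r)] == 1 and user_count[r["UserName"]] > 1]


def pivot(seed, rows, window_minutes=10):
    """Pull events from another source for the same host and account within
    +/- window_minutes of the seed event; the seed row itself is excluded."""
    t0 = event_time(seed)
    lo, hi = t0 - timedelta(minutes=window_minutes), t0 + timedelta(minutes=window_minutes)
    return [r for r in rows
            if r is not seed
            and r["Computer"] == seed["Computer"]
            and r["UserName"] == seed["UserName"]
            and lo <= event_time(r) <= hi]


def confidence(related):
    """Map the amount of corroborating evidence to hedged wording, not a verdict."""
    n = len(related)
    if n == 0:
        return "low", "possibly benign; no corroborating activity in the pivot window"
    if n < 3:
        return "medium", f"likely suspicious; {n} related event(s) in the pivot window"
    return "high", f"highly likely malicious; {n} related events in the pivot window"


def triage(security_csv=SECURITY_CSV, process_csv=PROCESS_CSV):
    """Filter logons, flag anomalies, pivot into both sources, and report each finding."""
    security = load_rows(security_csv)
    processes = load_rows(process_csv)
    findings = []
    for logon in find_anomalous_logons(security):
        related = pivot(logon, security) + pivot(logon, processes)
        level, wording = confidence(related)
        findings.append({
            "user": logon["UserName"],
            "host": logon["Computer"],
            "source": logon["RemoteHost"],
            "logon_type": logon_type(logon),
            "time": logon["TimeCreated"],
            "related_event_ids": [r["EventId"] for r in related],
            "confidence": level,
            "summary": (f"{logon['UserName']} logged on to {logon['Computer']} "
                        f"(type {logon_type(logon)}) from {logon['RemoteHost']} "
                        f"at {logon['TimeCreated']}: {wording}."),
        })
    return findings


if __name__ == "__main__":
    for finding in triage():
        print(f"[{finding['confidence']}] {finding['summary']}")
        for eid in finding["related_event_ids"]:
            print("   pivot hit: event", eid)
```

On the sample data the only flagged logon is the single type-10 (RDP) logon for `CORP\alice` from an address she never used before, while `svc_backup`'s repeated type-5 logons are treated as baseline. Pivoting on host, account and a ten-minute window pulls in the 4672 privilege assignment and two 4688 process creations, and the wording scales with that evidence. The singleton rule and the thresholds are illustrative; in a SOC the baseline would come from weeks of data and several sources rather than a handful of rows.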

