Effective threat investigation for SOC analysts the ultimate guide to examining various threats and attacker techniques using security logs

Detect and investigate various cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources Purchase of the print or Kindle book includes a free PDF eBookKey FeaturesUnderstand and analyze various modern cyber threats and attackers' techniquesG...

Descripción completa

Detalles Bibliográficos
Otros Autores: Yahia, Mostafa, author (author)
Formato: Libro electrónico
Idioma:Inglés
Publicado: Birmingham, England : Packt Publishing Ltd [2023]
Edición:1st ed
Materias:
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009764838706719
Descripción
Sumario:Detect and investigate various cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources Purchase of the print or Kindle book includes a free PDF eBookKey FeaturesUnderstand and analyze various modern cyber threats and attackers' techniquesGain in-depth knowledge of email security, Windows, firewall, proxy, WAF, and security solution logsExplore popular cyber threat intelligence platforms to investigate suspicious artifactsBook DescriptionEffective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It's a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills. The book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you’ll learn how to detect and investigate attackers' techniques and malicious activities within Windows environments. As you make progress, you’ll find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You’ll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis. By the end of this book, you’ll have learned how to analyze popular systems and security appliance logs that exist in any environment and explore various attackers' techniques to detect and investigate them with ease.What you will learnGet familiarized with and investigate various threat types and attacker techniquesAnalyze email security solution logs and understand email flow and headersPractically investigate various Windows threats and attacksAnalyze web proxy logs to investigate C&C communication attributesLeverage WAF and FW logs and CTI to investigate various cyber attacksWho this book is forThis book is for Security Operation Center (SOC) analysts, security professionals, cybersecurity incident investigators, incident handlers, incident responders, or anyone looking to explore attacker techniques and delve deeper into detecting and investigating attacks. If you want to efficiently detect and investigate cyberattacks by analyzing logs generated from different log sources, then this is the book for you. Basic knowledge of cybersecurity and networking domains and entry-level security concepts are necessary to get the most out of this book.
Notas:Includes index.
Descripción Física:1 online resource (314 pages)
ISBN:9781837638758