SOC Tools

The document outlines essential cybersecurity tools and skills for job seekers, including SIEM (Splunk), network analysis (Wireshark), threat intelligence (VirusTotal), scripting (Python), vulnerability scanning (Nessus), incident response (TheHive), and EDR (CrowdStrike Falcon). It also provides project ideas for practical experience, such as log analysis, incident response simulation, network traffic analysis, threat intelligence automation, vulnerability management, and creating SOC playbooks. Candidates are encouraged to have a GitHub or blog showcasing their work in these areas.

Uploaded by layiyi3371

1. SIEM (Security Information and Event Management)
Splunk
Reason: Industry standard, widely used in enterprises, and a frequent interview topic.
Tip: Know how to search logs, create dashboards, and set up alerts in Splunk.

2. Network Analysis
Wireshark
Reason: Universal packet analysis tool, often used in practical interview tasks.
Tip: Be able to filter, analyze, and explain common attack patterns (port scans, exfiltration).

3. Threat Intelligence
VirusTotal
Reason: The go-to tool for file and URL analysis and hash lookups; often referenced in real-world scenarios.
Tip: Know how to submit samples and interpret results.

4. Scripting/Automation
Python
Reason: Most SOC automation, parsing, and integration tasks are done in Python.
Tip: Be ready to write basic log parsers, alerting scripts, or integrations.

5. Vulnerability Scanning
Nessus
Reason: Most requested by employers for vulnerability management and reporting.
Tip: Know how to run scans and interpret Nessus reports.

6. Incident Response / Case Management
TheHive
Reason: Common open-source case management platform; referenced in modern SOCs.
Tip: Understand basic case creation, workflow, and evidence tracking.

7. EDR (Endpoint Detection and Response)
CrowdStrike Falcon
Reason: CrowdStrike Falcon is widely used in enterprise environments and is frequently mentioned in job descriptions. Interviewers often ask about experience with its dashboard, detection/response workflows, and threat hunting features. It is considered the industry leader in the EDR space.

HAVE A GITHUB (OR BLOG) WITH SAMPLE PLAYBOOKS, SCRIPTS, DETECTION RULES, AND REPORTS.


A. SIEM Log Analysis Project
- Simulate a small enterprise environment (Windows/Linux logs, application logs, firewall logs).
- Use a SIEM tool (e.g., Splunk, ELK/Elastic Stack, Wazuh, Graylog) to:
  - Ingest and parse logs.
  - Create dashboards and alerts for suspicious activities (failed logins, privilege escalation, etc.).
- Document incident detection and response workflow.

B. Incident Response Simulation
- Create and document a mock incident (e.g., phishing, malware infection, lateral movement).
- Show step-by-step investigation:
  - Log review, timeline creation, evidence collection.
  - Use tools like TheHive, CyberChef, Volatility (for memory analysis).

C. Network Traffic Analysis
- Capture and analyze traffic with Wireshark or Zeek (formerly Bro).
- Identify common attacks (port scans, brute force, data exfiltration).
- Write a report on findings.

D. Threat Intelligence Automation
- Script to pull threat feeds (using Python and APIs like VirusTotal, AbuseIPDB, AlienVault OTX).
- Correlate threat intel with sample logs or network data.
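
As an added example (not part of the original document) of the Python log-parser and alerting skills asked for above, of project A's failed-login alert, and of project D's correlation step: a small script that flags repeated failed SSH logins per source IP, escalates when the same source later succeeds, and matches source IPs against an indicator set. The log lines and the indicator set are constructed for the example; in practice the indicators would be pulled from the feeds the document names (VirusTotal, AbuseIPDB, AlienVault OTX).

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not real data): SSH auth events and one firewall deny.
SAMPLE_LOGS = """\
Jan 10 09:01:02 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51020 ssh2
Jan 10 09:01:04 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51021 ssh2
Jan 10 09:01:06 host1 sshd[1201]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jan 10 09:01:09 host1 sshd[1201]: Failed password for root from 203.0.113.45 port 51023 ssh2
Jan 10 09:01:12 host1 sshd[1201]: Accepted password for root from 203.0.113.45 port 51024 ssh2
Jan 10 09:02:30 host1 sshd[1210]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan 10 09:03:00 fw01 kernel: DENY IN=eth0 SRC=192.0.2.99 DST=10.0.0.5 PROTO=TCP DPT=445
"""

# Constructed indicator set standing in for what a feed pull (AbuseIPDB, OTX, VirusTotal) would return.
THREAT_INTEL = {"203.0.113.45": "abuseipdb:ssh-bruteforce", "192.0.2.99": "otx:scanner"}

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
ACCEPTED_RE = re.compile(r"Accepted password for (\S+) from (\d+\.\d+\.\d+\.\d+)")
FW_RE = re.compile(r"DENY .*SRC=(\d+\.\d+\.\d+\.\d+)")
FAIL_THRESHOLD = 3  # failures from one source before an alert is raised

def parse_events(text):
    """Turn raw lines into (kind, user, src_ip) tuples; lines that match no pattern are skipped."""
    events = []
    for line in text.splitlines():
        if m := FAILED_RE.search(line):
            events.append(("failed", m.group(1), m.group(2)))
        elif m := ACCEPTED_RE.search(line):
            events.append(("accepted", m.group(1), m.group(2)))
        elif m := FW_RE.search(line):
            events.append(("fw_deny", None, m.group(1)))
    return events

def analyze(text, intel=THREAT_INTEL, threshold=FAIL_THRESHOLD):
    """Return {src_ip: [alert reasons]}, the way a small SIEM rule set would raise them."""
    events = parse_events(text)
    failures = Counter(ip for kind, _, ip in events if kind == "failed")
    alerts = defaultdict(list)
    for ip, n in failures.items():
        if n >= threshold:
            alerts[ip].append(f"brute_force:{n}_failures")
            # Escalate if the same source later logs in: brute force followed by success.
            if any(k == "accepted" and src == ip for k, _, src in events):
                alerts[ip].append("success_after_failures")
    for kind, _, ip in events:  # correlate every observed source IP with the indicator set
        if ip in intel and f"ioc_match:{intel[ip]}" not in alerts[ip]:
            alerts[ip].append(f"ioc_match:{intel[ip]}")
    return dict(alerts)
```

Running `analyze(SAMPLE_LOGS)` yields one alert for 203.0.113.45 (brute force, success after failures, IOC match) and one for 192.0.2.99 (IOC match only); 198.51.100.7 stays below the threshold and is not in the indicator set, so it is not reported.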

E. Vulnerability Management Dashboard
- Scan a local network with Nessus/OpenVAS.
- Create a dashboard/report summarizing vulnerabilities and remediation steps.

F. SOC Playbooks
- Write step-by-step response playbooks for:
  - Malware alert
  - Suspicious outbound traffic
  - Insider threat
