Basic Guide on SOC (Security Operation Center)
Joas A Santos
Red Team | Author of Books | Speaker and Teacher | APT Hunting | Adversary Simulation
What is a SOC? What is its use?
A Security Operations Center (SOC) can be understood as a centralizer of services aimed at information security, ranging from specific projects to the code of conduct for the people, processes and technology the company adopts. The purpose of a SOC is to ensure data security. To that end, its activities involve:
Thus, a SOC is composed of five distinct modules:
The main problem in building a SOC is integrating all these modules, which are commonly built as autonomous parts, and correlating the data they generate, while reconciling the integrity, availability and confidentiality of the data and its transmission channels.
What tools and contents can I study to implement a SOC?
This is a question many people ask: what usually goes into a SOC? Is it just a SIEM?
In fact, a SIEM is just one of the components of a SOC solution. So if you want to work as a SOC Analyst, or even as a Security Analyst, you need to know the fundamentals: computer networks, operating systems, infrastructure, virtualization, programming logic, etc.
Let's look at some tools that can be used in a SOC.
SIEM (Security Event Management and Correlation)
Security Event Management and Correlation is a software solution that combines SIM and SEM. A SIEM solution collects and correlates the events generated by various security applications.
A SIEM allows an organization to view its security events across the entire enterprise. By gathering log data from security systems, operating systems, applications and other software components, it can analyze large volumes of data and identify attacks.
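To make the "gather logs from several sources, normalize, correlate" idea concrete, here is an added example (not code from the original article or from any of the products listed): a minimal correlation rule in Python that ingests constructed firewall and sshd lines, maps them onto one event schema, and alerts when a burst of failed logins from one source is followed by a successful login from that same source. The log lines, field names, threshold and window are all assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two different sources (syslog-style, not real data),
# the kind of raw input a SIEM collector would receive.
RAW_LOGS = [
    "2024-03-01T10:00:01 fw  DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:05 sshd Failed password for root from 203.0.113.7 port 50221",
    "2024-03-01T10:00:07 sshd Failed password for root from 203.0.113.7 port 50222",
    "2024-03-01T10:00:09 sshd Failed password for admin from 203.0.113.7 port 50223",
    "2024-03-01T10:00:12 sshd Failed password for root from 203.0.113.7 port 50224",
    "2024-03-01T10:00:15 sshd Failed password for root from 203.0.113.7 port 50225",
    "2024-03-01T10:00:20 sshd Accepted password for root from 203.0.113.7 port 50226",
    "2024-03-01T10:01:00 sshd Failed password for bob from 198.51.100.4 port 40001",
    "2024-03-01T10:01:30 sshd Accepted password for bob from 198.51.100.4 port 40002",
]

# Normalization: one regex per source/event type, all producing the same fields.
PATTERNS = {
    "fw_deny":   re.compile(r"^(?P<ts>\S+) fw\s+DENY src=(?P<src>\S+)"),
    "auth_fail": re.compile(r"^(?P<ts>\S+) sshd Failed password for (?P<user>\S+) from (?P<src>\S+)"),
    "auth_ok":   re.compile(r"^(?P<ts>\S+) sshd Accepted password for (?P<user>\S+) from (?P<src>\S+)"),
}

def normalize(lines):
    """Parse raw lines from any known source into a common event dict."""
    events = []
    for line in lines:
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                d = m.groupdict()
                events.append({"kind": kind, "ts": datetime.fromisoformat(d["ts"]),
                               "src": d["src"], "user": d.get("user")})
                break  # first matching pattern wins; unknown lines are dropped
    return events

def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Rule: >= threshold auth failures from one source inside `window`, then a
    successful login from the same source -> raise a 'brute force succeeded' alert."""
    alerts = []
    fails = defaultdict(list)  # source IP -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "auth_fail":
            fails[ev["src"]].append(ev["ts"])
        elif ev["kind"] == "auth_ok":
            recent = [t for t in fails[ev["src"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src": ev["src"], "user": ev["user"],
                               "failures": len(recent), "at": ev["ts"].isoformat()})
    return alerts
```

Running `correlate(normalize(RAW_LOGS))` flags only 203.0.113.7; the single failure from 198.51.100.4 stays below the threshold, which is the point of correlating across events rather than alerting on each line.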
RSA: https://www.rsa.com/
IBM Security (QRadar): https://lnkd.in/d2fkUTE
Splunk: https://lnkd.in/dEFxRkD
McAfee: https://lnkd.in/dFw_AJS
LogRhythm: https://logrhythm.com/
OSSIM: https://lnkd.in/dyU4zy3
EventTracker: https://lnkd.in/dHwzHWB
Elastic: https://lnkd.in/dkdSWth
TrustWave: https://lnkd.in/dwKcHWM
ArcSight: https://lnkd.in/dsMv-4V
InsightIDR: https://lnkd.in/dXbDrHq
Required knowledge:
Network and Infrastructure Monitoring
Zabbix: https://www.zabbix.com/download
Nagios: https://www.nagios.org/
Whatsupgold: https://www.whatsupgold.com/
Cacti: https://www.cacti.net/
Icinga: https://icinga.com/
Wireshark: https://www.wireshark.org/
Tcpdump: https://www.tcpdump.org/
Required knowledge:
Log Management
Graylog: https://www.graylog.org/
Xpolog: https://www.xplg.com/
Loggly: https://www.loggly.com/
Required knowledge:
Vulnerability Management
Nessus: https://pt-br.tenable.com/
Nexpose: https://www.rapid7.com/
Qualys: https://www.qualys.com/
Outpost24: https://outpost24.com/
Required knowledge:
Threat Intelligence
Security Compass: https://www.securitycompass.com/
DXC Technology: https://www.dxc.technology/
OSINT Framework: https://osintframework.com/
Incident Response:
Computer Forensic:
Vulnerability Assessment Methodology:
Reverse Engineering and Malware Analysis:
https://www.youtube.com/watch?v=Sp6Y83rdISo (About Reverse Engineering)
https://www.youtube.com/channel/UCuQ8zW9VmVyml7KytSqJDzg (Papo Binário)
https://www.youtube.com/watch?v=ZKObRxxbOCQ&list=PLBf0hzazHTGMSlOI2HZGc08ePwut6A2Io (Malware Analysis Playlist)
https://www.youtube.com/watch?v=D6mVIos-S2M (Introduction to Reverse Engineering)
https://www.youtube.com/watch?v=Sv8yu12y5zM (Reverse Engineering)
https://www.youtube.com/watch?v=LC81gbmTsiE&list=PLUFkSN0XLZ-kwukmQOAgCZ08C5REoZElt (Malware Reverse Engineering Playlist)
Some certifications:
EC-COUNCIL
CND (Certified Network Defender), CEH (Certified Ethical Hacker), ECIH (Certified Incident Handler), CHFI (Computer Hacking Forensic Investigator), ECSA (Certified Security Analyst), CSA (Certified SOC Analyst), CTIA (Certified Threat Intelligence Analyst)
Where to study? https://acaditi.com.br/
CompTIA
Network+, Security+, CySA+, Linux+, CASP+, PenTest+
Where to study? https://www.strongsecurity.com.br/ and https://4linux.com.br/cursos/linux (Even though it focuses on LPI1, "it is almost the same content")
This is a small piece of content about SOC; if you want to pursue a career as a SOC Analyst, I recommend Cybrary's guide.
Take a look, and try to set up your own labs to put your knowledge into practice.
Information security consultant | GRC | SOC
2 years: Man, this article is really good!!! It helped me a lot to build a study base
Information Security | AppSec | Cybersecurity
2 years: Pedro Costa
Information security analyst GRC - ISH | Pentester | Red Team
2 years: Your content is very good, keep it up, it helps a lot of people.
Cloud | DevOps | CyberSecurity
4 years: Thanks Joas, another excellent article.
Information Security | Blue Team | SOC | CyberSecurity
4 years: We're in this together, bro