Effective Threat Investigation For Soc Analysts Pdf
The primary resource matching your request is the book Effective Threat Investigation for SOC Analysts by Mostafa Yahia, published by Packt Publishing in August 2023.

Core Content & PDF Availability
- Forensic & legal considerations
  - Block egress destinations at the firewall/proxy, throttle bandwidth, preserve packet captures, and notify legal if regulated data is involved.
- Example 1: Ransomware Attack: A SOC analyst received an alert about a potential ransomware attack. The analyst quickly assessed the situation, gathered data, and determined that the attack was caused by a phishing email. The analyst contained the threat, eradicated the malware, and restored systems.
- Example 2: Advanced Persistent Threat (APT): A SOC analyst detected a potential APT. The analyst gathered data, analyzed network traffic, and identified a suspicious domain. The analyst worked with the incident response team to contain and eradicate the threat.
- Tier 0 (Domain Controllers, Backup Servers) – Stop everything. Escalate immediately.
- Tier 1 (Application Servers, Database Servers) – Severe incident. Quarantine.
- Tier 2 (User Workstations) – Moderate. Investigate user behavior.