Everything You Need For Building The Appropriate SOC Capability

SOC Library

Tuning,UseCase,Threat Detection,SIEM,Playbook

Security Operations Center Library

Selection of our best topics in the blog.

Understanding Cyber Threat Intelligence

June 1, 2022

UseCase

Splunk Queries for Detecting Anomalous URIs in Web Traffic

June 17, 2022

UseCase

Event Categories and Recommended UseCase (Part two)

October 2, 2022

Tools

Event Categories and Recommended UseCase(Part1)

June 10, 2022

Playbook

Recent Articles

0

-

UseCase

Empire tool is one of the post-exploitation frameworks with an HTTP module; attackers can use it for various malicious purposes, for example, C&C. Empire HTTP traffic analysis Using the Empire and its HTTP module: After the attacker infiltrates the victim...

Event Categories and Recommended UseCase (Part two)

This post is part two of Event Categories and Recommended UseCase, you can see part one : The guidelines provided in this article help SOC professionals in understanding and respond to security monitoring requirements in a more professional manner. Additionally,...

Splunk Configuration file precedence

How does Splunk prioritize and merge the configuration files? When editing configuration files, it is important to understand how Splunk software evaluates these files and which ones take precedence. When incorporating changes, Splunk software does the following to your configuration...