Questions tagged [soc]
A SOC is a security operations center, a centralised facility in an organisation for monitoring the organisation's security posture, escalating or dealing with any security problems that arise.
31 questions
1 vote, 0 answers, 76 views
Security Incident Response Tracking [closed]
Besides Security IR tracking & workflow that is available in SIEM platforms, what are other tools that can do this such as standalone products like ServiceNow SIR or Everbridge xmatters? I found ...
1 vote, 0 answers, 71 views
Is Handbook for CSIRTs still relevant learning material today?
The question is pretty self-explanatory. Is this book relevant today considering it has been published some time ago? If anyone has read it could you answer what are some things that have changed and ...
1 vote, 0 answers, 130 views
Hardware TOTP system-on-chip with strongly guarded seed
I am looking for hardware TOTP system-on-chip, where it would not be possible for an adversary to extract the shared secret (TOTP seed in other words). I am researching an application, where one same ...
0 votes, 0 answers, 67 views
Showing non-security events in a timeline graph
I am trying to show a series of events from different platforms in a timeline graph to establish the activity of an object (login events, alerts etc.) across various security tools. Say I was looking ...
0 votes, 1 answer, 177 views
Is sysmon.exe modifying a root certificate legit activity?
Today I got an alert on my Elastic SIEM that sysmon.exe has modified or created a root certificate.
I tried to look for the certificate thumbprint in the Microsoft trusted root program and could not ...
2 votes, 1 answer, 300 views
What is the difference between a SOC and a CSIRT?
So, from a summary of what I have found on the internet, a SOC collects information and the CSIRT makes conclusions based on that info. However, from what I see in labs/challenges websites like ...
1 vote, 1 answer, 192 views
What are the (two?) definitions of SOC?
On one hand "Security Operations Centre", but SOC is seemingly used in the reporting and certification domain; where does this come from? Is there another (or more) definitions of SOC in ...
2 votes, 0 answers, 145 views
Hardware Secure Element
After checking multiple suppliers and reading about HW secure elements, I would like to understand the use of this type of electronic components. Maybe I'm wrong, but it seems a HW secure element ...
1 vote, 1 answer, 166 views
How to detect use of personal NAS devices from corporate machines?
We have an issue where people are taking laptops home and connecting them to their personal home networks in order to back up corporate data to their private NAS devices. From a DLP standpoint we have ...
1 vote, 1 answer, 336 views
Local Scans initiated from a VLAN Broadcast IP address
Just reviewing some logs and I am seeing local scans to several local IP addresses on port 137 within my network. The source IP however is the broadcast IP of the VLAN (.255). I have checked the ...
41 votes, 3 answers, 9k views
What is the meaning of Triage in the cybersec world?
I searched Google about this term, but the definitions that I found were related to the medical world, and nothing related to IT. I think that it is some kind of procedure for documenting something maybe? ...
0 votes, 1 answer, 1k views
Contents for Security Operations Reporting
Are there good guides or references on what a monthly report from a managed service provider such as a SOC would be?
-1 votes, 1 answer, 202 views
How to calculate the priority and the severity of our daily cyber security intelligence threat feeds?
Some solutions (e.g. FireEye iSight) can provide a daily feed where they will mention each reported issue with its severity and priority. Usually those companies will do some basic research and look ...
-1 votes, 1 answer, 180 views
Where should I look for information once there is a security incident reported on breaking news? [closed]
We see breaking news alerts popping up with some dramatic headline, but headlines can be tricky and bring a lot of chaos to the organization and more specifically to the SOC. Where will be the best ...
2 votes, 2 answers, 452 views
How should we mitigate threats that keep coming to our security monitoring system?
We have continuous cybersecurity threat feeds coming to our SOC on a daily basis from different sources that provide all the new CVEs, new malware variations and more. We just don't know how to ...