Posts

Showing posts from March, 2026

Building my own SOC

Let's build our own SOC using open-source tools such as Zeek, Sigma and OSQuery. Please note, this is a bit of a notes dump of how I set it up. It is not a step-by-step guide, but you could pop this into an AI chat bot to get a step-by-step guide going for your systems. For quite some time now I have been concentrating on offensive security, malware analysis and reverse engineering. But let's flip the script and start to look at how to defend against all of the above and more.

The SOC is the command hub of enterprise defense: it is where large amounts of data from endpoints, networks, applications and cloud services are collected and analysed. A skilled SOC analyst balances technical fluency with adversary knowledge.

First step - Determine our adversary framework

First we need to understand our adversary framework so we get a head start on knowing how to build our detection platform. We will engineer our detection directly to the MITRE ATT&CK framework (https://attac...