Conclusion
With every ticket raised, the workload grows. It is the job of a responsible SOC analyst to stay alert. Continuous monitoring, efficient response, in-depth analysis, and thorough investigation of events are the core responsibilities of a security analyst.
There were a lot of troubleshooting steps involved in this exercise. I can keep investigating the logs continuously ingested from the endpoints, and keep looking for more advanced techniques to mitigate the alerts being generated. I can also try more automation techniques to improve the performance of this SOC setup.
However, for now, I am concluding this lab here. I will keep adding more lab exercises and practical walkthroughs on my website.
Thanks for giving it a read!
// Until next lab // 🤜