SOC Analyst Career Guide : Become Highly Skilled in Security Tools, Tactics, and Techniques to Jumpstart Your SOC Analyst Career.

Format:
Book
Author/Creator:
Kent, Kyler.
Language:
English
Subjects (All):
Computer networks--Security measures.
Computer networks.
Computer networks--Security measures--Vocational guidance.
Physical Description:
1 online resource (600 pages)
Edition:
1st ed.
Place of Publication:
Birmingham : Packt Publishing, Limited, 2025.
Summary:
Develop the SOC analysis, triage, and investigation skills needed to succeed as a SOC analyst with the help of hands-on labs, exercises, and scenario-based training.
Key Features:
Master SIEM and learn to investigate, triage, and move beyond automation via SOAR.
Explore an operational SOC from the inside-out and develop a coherent career path.
Contents:
Cover
Title Page
Foreword
Contributors
Table of Contents
Preface
Free Benefits with Your Book
Part 1: Introduction to the SOC
Chapter 1: Introduction to Security Operations
Discovering security operations
Understanding the SOC
Fitting the SOC into the modern enterprise
Building a secure foundation: security engineers and architects
Analyzing SOC analysts
Responding to incidents (incident responders) and threat hunting
Exploring the SOC career outlook
Managing the SOC (SOC managers)
Engineering in the SOC (SOC engineers)
Responding to incidents (incident responders)
Threat hunting in the SOC
Understanding security operations in the modern enterprise
Introducing cybersecurity: A necessary business practice
Securing the modern business: The role of security professionals
Understanding the organization's software and network infrastructure
Managing vulnerabilities
Proactive hunting, responding to alerts, and stopping cyber incidents
Understanding challenges in a modern organization
Integrating security in business practices
Introducing the CIA triad
Discovering GRC issues in the modern SOC
Understanding GRC requirements
Compliance examples in the financial services industry: SOX and GLBA
Studying the Gramm-Leach-Bliley Act (GLBA)
Linking cybersecurity and financial regulations/GRC
Introducing the blue team, detection, and engineering
Defining the blue team
Purple teaming
Understanding MITRE ATT&CK
Learning about threat detection and methods
Engineering in the blue team
Utilizing SOAR
Summary
Get This Book's PDF Version and Exclusive Extras
Chapter 2: SOC Roles Fundamentals
The SOC analyst role
Understanding SOC rules
Timing
Shift changeover
Tiering
Using security tools and triaging
Triaging
Collaborating
Managing the SOC (the SOC manager role)
The importance of soft skills
The role's functions
Supporting external vendors and third parties
Managing time
Understanding SLAs
Contributing as an individual
Representing the SOC
Engineering (the SOC engineer role)
Introducing the SIEM
Understanding the criticality of the SIEM
Protecting the SIEM
Troubleshooting
Supporting the CIA triad
Supporting high availability
Maintaining confidentiality
Managing change
Responding to incidents (incident responder role)
Incident response and key frameworks
The incident responder's adversaries
Understanding the incident response life cycle
Hunting threats (the threat hunter role)
The Pyramid of Pain
Hunting threats under three methods
Hunting skills and tools
Chapter 3: Detection Engineering
Technical requirements
Understanding and using SIEM and SOAR
Becoming familiar with modern SIEMs
Example SIEM alerts dashboard pages
Comparing SIEMs
Understanding SIEM architecture
Deployment strategies
Understanding SOAR
Using platform-specific security, orchestration, automation, and responses
Triaging alerts
SIEM alerts
Acquainting with SIEM platforms
Handling an alert surge
Organizing alerts and detections
Drilling into alert details
Pivoting to Splunk and other SIEMs
Using triage steps
Drilling down in Anvilogic and Splunk
Summarizing the triage steps
Creating your home lab
Setting up Splunk
Using Splunk
Using additional Splunk options
Investigating with Splunk
Installing Security Onion 2
Setting up a network TAP
Booting into Security Onion to complete the SIEM setup
Configuring Security Onion 2
Get This Book's PDF Version and Exclusive Extras
Chapter 4: Conducting a Mock Intrusion
Preparing for a mock intrusion
Security Onion Elastic Agent setup
Domain controller setup
Kali Linux workstation setup
Architecture considerations
Reconnaissance
Defender's perspective
Engaging in a mock intrusion
Getting started
Configuring a vulnerable user
Performing reconnaissance
Gaining access
Using Mimikatz and getting the golden ticket
Using RDP
Getting Mimikatz on disk
Running Mimikatz to get the golden ticket
Detecting further Mimikatz attacks or activities
Chapter 5: Incident Response, Forensics, and Recovery
Conducting incident response
Continuing the lab
Containing the network
Isolating Elastic Defend hosts - EDR-based isolation
Using rogue network countermeasures
Understanding availability concerns with network quarantine
Managing credentials and identities in Active Directory during an incident
Simulating an incident response plan
Performing forensic analysis
Detonating ransomware
Using FTK
Analyzing your first FTK image
Analyzing memory dumps
Reviewing browser history
Recovering from an incident
Restoring from a snapshot
Using VMware Workstation Pro backups
Restoring other systems
Part 2: Detailed SOC Analysis
Chapter 6: Blue Team Technologies, Tools, and TTPs
Hunting threats with Splunk and Elastic
Running manual and scheduled queries
Executing manual Splunk queries
Scheduled queries/SIEM detections in Elastic
Thinking proactively
Using cyber threat intelligence
Hunting for IOCs
Using SOC engineering technologies, tools, and TTPs
Advancing SIEM engineering
Monitoring system uptime via Uptime Kuma
Verifying MITRE ATT&CK coverage
Conducting advanced SIEM detection engineering
Deploying an IPS with Snort
Configuring VMware Workstation Player
Installing Snort on Ubuntu
Testing the Snort IDS
Creating a Snort IPS rule to block this traffic
Learning SOC analyst technologies, tools, and TTPs
Understanding the Boss of the SOC (BOTS) CTF
Deploying BOTS v3: Options
Deploying in TryHackMe
Deploying in a self-hosted Splunk instance
Understanding tips for the CTF
Finding additional training resources for BOTS
Completing the CTF
Managing SOC operations with blue team tooling
Managing employees
Scheduling
Writing and enforcing policies
Publishing and enforcing time-off expectations
Managing access to privileged confidential material
Continuous monitoring of employees
Considering the privacy, ethical, and legal issues of continuous monitoring and RMM tools
Scheduling alerts and jobs in Splunk to measure employee performance and productivity
Understanding incident responder technologies, tools, and TTPs
Using Wireshark, Kali, and other security tools to respond
Analyzing an attack
Attributing an attack
Understanding legal issues when handling evidence or performing forensics
Safeguarding digital evidence
Writing an incident report
Chapter 7: Red Team Technologies, Tools, and TTPs
Performing LAN and web app vulnerability assessments
Using Nessus against the LAN
Preparing Nessus
Adding potentially vulnerable hosts
Running Nessus
Setting up and scanning a vulnerable web application
Installing DVWA
Installing Zed Attack Proxy (ZAP)
Executing ZAP against DVWA
Analyzing ZAP results
Using Kali Linux to conduct LAN attacks
Using passive reconnaissance
Nmap
Virtual machine compromise
Zenmap
Exploiting the LAN with active reconnaissance and manipulation
Using Ettercap
Performing man-in-the-middle (MITM) and ARP poisoning
Capturing credentials
Conducting passive sniffing and comparing it to Wireshark
Finalizing a remote LAN attack with CrackMapExec and SecretsDump
Enumerating with CrackMapExec
Dumping credentials with CrackMapExec
Using Impacket to compromise an entire Active Directory database
Using Metasploit to conduct exploitation
Starting Metasploit
Setting up a vulnerable Metasploit-able host
Exploiting the host
Conducting post-exploitation
Chapter 8: OS/Endpoint Security
Understanding Windows OS fundamentals
Grasping Windows architecture
Understanding Windows core processes
Understanding other important Windows concepts
Comprehending BitLocker
Balancing and prioritizing security patching
Vulnerabilities
Monitoring points
Analyzing Sysmon and Windows event logs
Learning to use Sysinternals
Installing and using Sysinternals
Learning about the individual tools
Process Explorer
Process Monitor
Sysmon
PsExec
Single-function utilities
Using Process Monitor and Process Explorer in a lab
Sysmon lab
PsExec lab
Understanding macOS, Linux, and ChromeOS fundamentals
macOS
Learning about macOS architecture
Understanding Linux
Learning about Linux architecture
Understanding ChromeOS
Learning about ChromeOS architecture
Using Osquery
Deploying and initializing Osquery
Using targeted queries
Checking programs installed
Notes:
Description based on publisher supplied metadata and other sources.
ISBN:
1-83546-593-5
9781835465936
OCLC:
1568742320
Publisher Number:
CIPO000325665