SOC analysts need a great deal of theoretical and practical knowledge to detect threats in their daily work. One of the best sources from which they can obtain this knowledge is books. This article looks at three of them:
Title: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Target Audience: SOC Analysts (Tier 1, 2), Malware Analysts
Level: Beginner to Medium
Authors: Andrew Honig and Michael Sikorski
About the book: The first part of the book explains what malware analysis is. The following sections cover the tools required for malware analysis, how to set up a safe analysis environment, and malware analysis walked through with practical examples. The book also stresses the importance of virtual machines for malware analysis. It covers basic static analysis, dynamic analysis, and advanced static analysis. After reading it, the reader will understand the foundations of malware analysis, how to carry it out at a fundamental level, and the stages of an analysis from setting up the environment onward. The practical exercises that accompany the chapters are one of the book's main advantages for the reader. Some of the tools included in the book are as follows:
If you do not know where to start, you can follow the SOC Analyst career path on LetsDefend.
Title: Blue Team Field Manual (BTFM)
Target Audience: SOC Analysts (Tier 1, 2, 3)
Level: Beginner
Authors: Ben Clark and Alan J. White
About the book: This is a reference book that covers the tactical steps and details of cyber security incident response. It covers the main topics needed to carry out blue team operations, organized around the five core functions of the incident response steps (Identify, Protect, Detect, Respond, and Recover).
Title: Applied Network Security Monitoring: Collection, Detection, and Analysis
Target Audience: SOC Analysts (Tier 1, 2, 3)
Level: Medium
Authors: Chris Sanders and Jason Smith
About the book: The book begins with the concepts of Network Security Monitoring (NSM) and is organized around three general topics:
The details of each subject are explained under these general topics. The book also describes Security Onion, an operating system for NSM, and uses real-life examples to convey the concept of NSM and its components to the reader. Some of the tools described in the book are as follows: