During the investigation, SOC analysts do a few things at the same time. For instance: checking IP reputation, malware analysis, looking log management etc. And for saving time, they use some security tools. We listed the best tools/services for security analysts can use during the job.
Investigation
Process Hacker
Great tool for monitoring the system and detecting suspicious situations. It’s also free.
FullEventLogView
It displays all event logs in a table, which helps to decrease the investigation time.
BrowsingHistoryView
It gives you the history of different browsers in one table.
If you don’t know to how to investigate Windows/Linux hosts, you can check these free courses: Free SOC Analyst Training
Checking Reputation
VirusTotal
You can both IP and hash search on VT database. and find relationships about suspicious IP/files
Abuse IPDb
You can check if the IP address has been reported before. Let’s say you found a suspicious IP address on your firewall logs and want to ensure is IP address did something bad before.
Cisco Talos
You can search by IP, domain, or network owner for real-time threat data.
Online Sandbox
AnyRun
This is an interactive malware analysis platform. Very useful for finding command and control addresses of malware and understanding the purpose. You can use it with the free version.
Hybrid-Analysis
It provides an analysis report with Falcon Sandbox and Hybrid Analysis technology.
urlscan
If you specifically want to scan URL addresses, it’s useful tool for you.
Try to investigate SOC alerts with these tools now: Start as a SOC Analyst
Other
MXToolBox
During the phishing campaign analysis, it would be helpful for spoofing analysis. You can compare the SMTP addresses.
Koodous
Provides malicious APK data
python-oletools
It helps to analyze the Microsoft OLE2 files (Office documents, Outlook messages, etc.)
Learning how to use these tools is the easy part. As a SOC Analyst, you should able to investigate different kinds of incidents like phishing, malware, ransomware, proxy, etc. If you want to practice in SOC environment with these tools, you can register to LetsDefend for free.