The Best Tools for SOC Analysts

Omer Gunal
Posted:
April 11, 2022

During an investigation, SOC analysts do several things at once: checking IP reputation, analyzing malware, reviewing logs in the log management platform, and so on. To save time, they rely on security tools. Below we list the best tools and services security analysts can use on the job.

Investigation

Process Hacker

A great tool for monitoring the system and spotting suspicious activity (processes, handles, network connections). It's also free.


FullEventLogView

It displays all Windows event logs in a single table, which helps to cut down investigation time.

BrowsingHistoryView

It gives you the browsing history of different browsers in one table.

If you don't know how to investigate Windows/Linux hosts, you can check these free courses: Free SOC Analyst Training

Checking Reputation

VirusTotal

You can search the VirusTotal database by both IP address and file hash, and find relationships between suspicious IPs and files.

AbuseIPDB

You can check whether an IP address has been reported before. Let's say you found a suspicious IP address in your firewall logs and want to confirm whether that IP address has done something bad before.

Cisco Talos

You can search by IP, domain, or network owner for real-time threat data.

Online Sandbox

AnyRun

This is an interactive malware analysis platform. It is very useful for finding the command and control addresses of malware and understanding its purpose. You can use it with the free version.


Hybrid-Analysis

It provides an analysis report with Falcon Sandbox and Hybrid Analysis technology.


urlscan

If you specifically want to scan URL addresses, it's a useful tool for you.

Try to investigate SOC alerts with these tools now: Start as a SOC Analyst

Other

MXToolBox

During phishing campaign analysis, it is helpful for spoofing analysis: you can compare the SMTP (envelope) sender address with the From header address.
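The same envelope-versus-header comparison can be scripted for triage. The following is an added example, not code from the original post or from MXToolBox; the two message headers are constructed samples, and the `spoof_check` function and its verdict fields are this example's own names.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real message): Return-Path and From use different domains, and the MX recorded a DMARC fail.
PHISH_HEADERS = """Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com;
\tspf=pass smtp.mailfrom=mail-relay.example.net; dkim=none;
\tdmarc=fail header.from=example.com
From: "IT Helpdesk" <helpdesk@example.com>
Subject: Password expires today
"""

# Constructed benign counterpart: both domains agree and all three checks pass.
LEGIT_HEADERS = """Return-Path: <helpdesk@example.com>
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
From: "IT Helpdesk" <helpdesk@example.com>
Subject: Maintenance window
"""

def domain_of(addr):
    # Lower-cased domain part of an address, or '' when the header carries none.
    _, address = parseaddr(str(addr))
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def auth_results(msg):
    # Pull the spf/dkim/dmarc verdicts out of Authentication-Results (RFC 8601 layout).
    header = str(msg.get("Authentication-Results", "")).replace("\n", " ")
    verdicts = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            if method in ("spf", "dkim", "dmarc"):
                verdicts[method] = result.lower()
    return verdicts

def spoof_check(raw):
    # Compare the SMTP envelope sender domain with the header From domain and
    # combine that with the MX's authentication verdicts into one triage verdict.
    msg = email.message_from_string(raw, policy=policy.default)
    envelope, header_from = domain_of(msg.get("Return-Path", "")), domain_of(msg.get("From", ""))
    verdicts = auth_results(msg)
    mismatch = envelope != header_from
    return {"envelope_domain": envelope, "from_domain": header_from, "mismatch": mismatch,
            "auth": verdicts, "suspicious": mismatch or verdicts.get("dmarc") == "fail"}

if __name__ == "__main__":
    for label, raw in (("phish", PHISH_HEADERS), ("legit", LEGIT_HEADERS)):
        print(label, spoof_check(raw))
```

A domain mismatch alone is not proof of spoofing (mailing lists and third-party senders do this legitimately), so the DMARC verdict recorded by your own MX is the stronger signal.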

Koodous

It provides data on malicious APK files.

python-oletools

It helps to analyze Microsoft OLE2 files (Office documents, Outlook messages, etc.).

Learning how to use these tools is the easy part. As a SOC analyst, you should be able to investigate different kinds of incidents, such as phishing, malware, ransomware, and proxy alerts. If you want to practice in a SOC environment with these tools, you can register at LetsDefend for free.
