The SOC Analyst's Daily Arsenal

MM0X
Posted: May 10, 2025

Working as a SOC analyst is no piece of cake, and on a daily basis, you'll need a whole arsenal of tools to help you with your investigations. But we're not talking about the usual infrastructure tools like SIEM or EDR. This is about knowing how to uncover and verify the things you don't know, and knowing exactly where to look.

Threat Intelligence

Threat intelligence tools provide insights into potential threats by gathering and analyzing data from various sources. These tools help you understand and anticipate the tactics attackers might use.

  1. VirusTotal

Checks files and URLs against multiple antivirus engines, instantly flagging potential dangers.

  2. Hybrid Analysis

Powered by CrowdStrike, this sandbox delivers detailed reports on suspicious files.

  3. AlienVault OTX

A community-driven platform sharing the latest threats and indicators of compromise (IOCs).

  4. AbuseIPDB

Tracks malicious IP addresses reported by users worldwide, helping you identify risky connections.

  5. Browserling

Lets you browse and analyze web content in an isolated remote browser, just as if you were viewing it live, so you see what the attacker's victim would see without exposing your own workstation.
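Feeds such as OTX pulses and AbuseIPDB reports usually hand you indicators in defanged form (hxxp://, [.]) so nobody clicks them by accident, and the first practical step is normalising them and sweeping your own logs for hits. The script below is an added example, not code from the original post or from any of the tools named above; the feed entries and the proxy/EDR log lines are constructed samples, and the hash is a made-up MD5-length value.

```python
import re
from typing import List, Tuple

# Constructed sample feed: the kind of indicator list an OTX pulse or an
# AbuseIPDB report exports, shared defanged so nobody clicks it by accident.
SAMPLE_FEED = [
    "hxxp://malicious-example[.]test/payload.exe",
    "198.51.100[.]23",
    "bad-domain[.]example",
    "0123456789abcdef0123456789abcdef",  # constructed MD5-length hash, not a real IoC
]

# Constructed sample proxy and EDR log lines (documentation IP ranges only).
SAMPLE_LOGS = [
    "2025-05-10T08:01:12Z proxy src=10.0.0.5 dst=198.51.100.23 "
    "url=http://malicious-example.test/payload.exe action=allow",
    "2025-05-10T08:02:40Z proxy src=10.0.0.7 dst=203.0.113.9 "
    "url=https://intranet.example/home action=allow",
    "2025-05-10T08:03:05Z edr host=WS-17 file=report.pdf "
    "md5=0123456789abcdef0123456789abcdef",
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Undo the usual defanging conventions so the indicator can be compared
    with what actually appears in logs."""
    s = indicator.strip().lower()
    s = re.sub(r"^hxxp", "http", s)
    for defanged, plain in (("[://]", "://"), ("[.]", "."), ("(.)", "."),
                            ("{.}", "."), ("[:]", ":")):
        s = s.replace(defanged, plain)
    return s


def classify(value: str) -> str:
    """Return the observable type of a refanged indicator: url, ip, hash or domain."""
    if value.startswith(("http://", "https://")):
        return "url"
    if IPV4_RE.fullmatch(value):
        return "ip"
    if HASH_RE.fullmatch(value):
        return "hash"
    return "domain"


def extract_observables(line: str) -> List[Tuple[str, str]]:
    """Pull candidate observables out of one log line.  The domain pattern is
    deliberately loose and also picks up file names such as report.pdf; those
    simply never match anything in the feed."""
    found = []
    for kind, pattern in (("url", URL_RE), ("ip", IPV4_RE),
                          ("hash", HASH_RE), ("domain", DOMAIN_RE)):
        for m in pattern.finditer(line):
            found.append((kind, m.group(0).lower()))
    return found


def match_logs(feed: List[str], logs: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, type, value) for every feed indicator seen in the logs."""
    indicators = {(classify(v), v) for v in map(refang, feed)}
    hits = []
    for n, line in enumerate(logs, start=1):
        for obs in extract_observables(line):
            if obs in indicators:
                hits.append((n, obs[0], obs[1]))
    return hits


if __name__ == "__main__":
    for n, kind, value in match_logs(SAMPLE_FEED, SAMPLE_LOGS):
        print(f"line {n}: {kind} {value} matches the feed")
```

Matching is done on exact, lower-cased values after refanging; in practice you would also want to match the host part of a feed URL against bare domains in the logs, and feed the hits back into your SIEM rather than printing them.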

Malware Analysis

Malware analysis sandboxes allow you to safely observe and interact with malware in a controlled environment, providing valuable insights into its functionality.

  1. Cuckoo Sandbox

Your own local sandbox for safely analyzing malware without uploading it online.

  2. Any.Run

A public sandbox that lets you interact with malware in real-time without endangering your system.

Phishing Analysis

Phishing analysis tools help you detect and analyze phishing attempts, allowing you to protect your organization from these common and potentially devastating attacks.

  1. URLScan.io

Scans and analyzes URLs to quickly check if a link is legitimate or part of a phishing scam.

  2. Email Header Analyzer (MxToolbox)

Uncovers signs of phishing or email spoofing by digging into email headers (the Received chain, Return-Path and SPF/DKIM/DMARC results) for detailed analysis.

  3. PhishTank

Community-driven database where you can identify and report phishing sites to protect others.

You can find more details about phishing email analysis in this course:

https://app.letsdefend.io/training/lessons/phishing-email-analysis
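What a header analyzer actually does is mechanical enough to script yourself: unfold the headers, read the Received chain back to the originating host, compare the From domain with Return-Path and Reply-To, and pull the SPF/DKIM/DMARC verdicts out of Authentication-Results. The following is an added example, not code from the original post or from MxToolbox; the message is a constructed sample using reserved example domains and documentation IP ranges.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr
from typing import Dict, List

# Constructed sample message: the envelope sender, Reply-To and origin host all
# point somewhere other than the displayed From domain, and authentication failed.
SAMPLE_RAW = b"""Received: from mail.intranet.example (mail.intranet.example [10.0.0.25])
\tby mx.intranet.example with ESMTP id abc123; Sat, 10 May 2025 08:01:12 +0000
Received: from bulk-sender.example (bulk-sender.example [203.0.113.45])
\tby mail.intranet.example with ESMTP; Sat, 10 May 2025 08:01:10 +0000
Authentication-Results: mx.intranet.example;
\tspf=fail smtp.mailfrom=bulk-sender.example;
\tdkim=none;
\tdmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@bulk-sender.example
Return-Path: <bounce@bulk-sender.example>
To: alice@intranet.example
Subject: Urgent: verify your account
Message-ID: <1234@bulk-sender.example>

Please verify your account at the link below.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)
FROM_HOST_RE = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)


def load_message(raw: bytes) -> EmailMessage:
    return BytesParser(policy=policy.default).parsebytes(raw)


def _unfold(value) -> str:
    """Collapse folded header continuation lines into a single line."""
    return " ".join(str(value).split())


def _domain_of(header_value) -> str:
    """Lower-cased domain of the first address in a header ('' if none)."""
    if header_value is None:
        return ""
    _, addr = parseaddr(_unfold(header_value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_auth_results(msg: EmailMessage) -> Dict[str, str]:
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    results: Dict[str, str] = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(_unfold(header)):
            results.setdefault(method.lower(), verdict.lower())
    return results


def received_chain(msg: EmailMessage) -> List[str]:
    """Hosts the message passed through, origin first.  Each hop prepends its
    own Received header, so the last header is the earliest hop."""
    hosts = []
    for header in msg.get_all("Received", []):
        m = FROM_HOST_RE.search(_unfold(header))
        if m:
            hosts.append(m.group(1).lower())
    return list(reversed(hosts))


def triage(msg: EmailMessage) -> dict:
    """Summarise the spoofing indicators an analyst checks first."""
    from_domain = _domain_of(msg["From"])
    return_path_domain = _domain_of(msg["Return-Path"])
    reply_to_domain = _domain_of(msg["Reply-To"])
    auth = parse_auth_results(msg)
    findings = []
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"Return-Path domain {return_path_domain} differs from From domain {from_domain}")
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"Reply-To domain {reply_to_domain} differs from From domain {from_domain}")
    for method in ("spf", "dkim", "dmarc"):
        verdict = auth.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method} result is {verdict}")
    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "reply_to_domain": reply_to_domain,
        "auth": auth,
        "received_chain": received_chain(msg),
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    report = triage(load_message(SAMPLE_RAW))
    print("origin host:", report["received_chain"][0])
    for finding in report["findings"]:
        print("-", finding)
```

Note that Authentication-Results is only trustworthy when it was written by your own border MTA (the authserv-id before the first semicolon); a sender can insert a forged one, so in production you would strip any copy not bearing your own identifier before parsing.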

Extra Resources

  1. MITRE ATT&CK

Maps out tactics and techniques used by cyber attackers, helping you understand and defend against complex threats more effectively.

These tools are your secret weapons for digging deeper into threats and staying ahead of the game. Add them to your toolkit and take your SOC analysis to the next level.
