SOC 101: Real-time Incident Response Walkthrough

  • Published 28 Dec 2024

COMMENTS • 154

  • @sielecassharpe678 9 months ago +7

    As a new soc analyst, I found this video very valuable! I got so much insight in such a short amount of time as well as how you should investigate and look into activities. Thanks a ton!

  • @rmcgraw7943 2 years ago +56

    Been an Ent Architect for 25+ yrs and that's the best, clearest, most concise explanation of determining how best to find hidden processes on computers. Thanks.

  • @laureanocavallo2476 3 years ago +62

    I felt this 12 minutes like 5 minutes. That's when you can tell it's a good video. Entertaining, informative and educational.

    • @KeatronEvans 2 years ago +2

      Thanks for watching!


  • @MereAYT 1 year ago +6

    This is great. It is rare to find such a good walkthrough on this stuff. Thanks!

  • @x0rZ15t 3 years ago +59

    Finally, a real look into the trenches of SOC and IR.
    Please keep up the good work!

  • @draperw86 1 year ago +2

    Dang Keatron, you break it down like this was a sermon!! This is awesome.

  • @johnpiernicky8674 2 years ago +7

    I'm trying to get a job as a SOC Analyst Tier 1. I was told that Exabeam was used in addition to Splunk. I am grateful for these videos as they really give a good demonstration and let the viewer see how this works. The dashboard looks great and user friendly, and the ability to move from the dashboard to investigating the alert is a nice thing to see.

  • @nicksmith5400 3 years ago +43

    Why does this only have 1.5k views?
    Great walkthrough sir.

    • @ExabeamSIEM 3 years ago +3

      Trending upward!

    • @okeyokafor648 3 years ago +1

      It has 20k views now.

    • @kharikyle3610 3 years ago

      Sorry to be so off-topic, but does anyone know of a tool to log back into an Instagram account?
      I stupidly forgot my password. I appreciate any help you can give me.

    • @nasirkyng6766 3 years ago

      @Khari Kyle Instablaster =)

    • @kharikyle3610 3 years ago

      @Nasir Kyng thanks so much for your reply. I got to the site through Google and I'm in the hacking process now.
      Seems to take quite some time, so I will reply here later with my results.

  • @FracturesHD 4 years ago +60

    This was an amazing video! I recently got a job as an IR team member after a few years of being a network analyst. Although I have the foundations, I am very new to the job itself, so this type of video helps me so much! I will definitely be subscribing!

    • @wilfredoperez1804 4 years ago +1

      How long have you been doing IT? Do you recommend any certs?

    • @ExabeamSIEM 4 years ago +2

      We're so glad you found it useful!

    • @FracturesHD 4 years ago +9

      @@wilfredoperez1804 I've been in the field about 10 years total now if you include education. I currently only have my CompTIA Sec+ and Net+ but for some reason HR departments love those. I don't think they're worth all that much personally, but the amount of offers I got after getting my Sec+ was crazy. I also would recommend looking into the GIAC certifications if you are getting serious about this sort of stuff! I hope you are able to make it into the field easily!

    • @gopim6142 3 years ago

      Could you please give me your contact number? I am also trying to become a SOC analyst.

  • @daslynhug8953 1 year ago

    Whew would recommend this video to anyone! Thank you for a value add!

  • @libnatty1862 2 years ago +6

    Thanks for the great behind the scenes look into SIEM monitoring. It's sad that I have a degree from a technical college, and there were hardly any labs, just all theory. I naturally have an investigative mindset so this really intrigues me and I would love to get back into training. Keatron, where does one start?

  • @xCheddarB0b42x 1 year ago

    This was excellent: short, informative, and clear. Thank you!

  • @miloboy55 1 year ago +1

    I’m only 4:18 in and I must say this is an excellent video.

  • @brianphamtv6916 1 year ago

    This is the content I'm looking for, earned a subscriber 🎉

  • @jackchn23 1 year ago

    Thanks Keatron! Subbed to YOUR channel!

  • @WilliamSalisbury 3 years ago +4

    Exactly the kind of content I needed!! Thanks a billion

  • @emmanueleniade7558 2 years ago +1

    Please, I have a question. Is the Security+ course okay for a newcomer into cyber security?

  • @Jo-nw2lf 2 years ago +1

    Great video, but I tried to download Exabeam and can't. Do I have to pay for the full download?

  • @dgmckenzie11 3 years ago +6

    Good content! I look forward to part 2.

  • @tinatwintinny1205 10 months ago

    Thank you for sharing. I have been trying to get an entry-level job in a SOC, and 😐 it's an exciting role.

  • @EdwardAmarh-01 2 years ago +2

    Wow, this was so informative. I really needed it; the same question bothered me: how do you know when to dig deeper into an alert? Thanks.

  • @shafiiqbal631 2 years ago +1

    What should be the design or architecture of a SOC Center? Please provide and assist with my new SOC Center.

  • @ishwaryanarayan1010 1 year ago

    Sir, your videos are great. I am looking for a trial version to update my skills. Do you offer a free trial version?

  • @threadripper3750 2 years ago +2

    A+ material. i will be ready for my upcoming table top exercise. Thanks a bundle!

  • @_amintrouble 2 years ago +4

    Hi, thanks for the video. Although you mentioned it, using the md5 command is a lot better and quicker, as it gives you the instant hash, which you can copy and paste into VT.

  • @msudex 3 years ago +2

    Hello. Why did we not see those connections/processes on the victim's machine? Was the rootkit hiding them, and did only having a dump outside of the victim's machine make the rootkit not interfere with the proper outcome of connections/processes?

    • @KeatronEvans 2 years ago

      Yes, the rootkit was not allowing Windows to "show" you the connections.

  • @mml1224 3 years ago +2

    Great job, especially to prep for interviews this was handy. Keep it coming, you'll get 1M subs.

  • @vivekprajapati4787 3 years ago +2

    Is the RSA Security Analytics SIEM tool good?

  • @Foxy10-b6n 3 years ago +4

    Just getting in, and this was fun to watch.

  • @KishorKumar-z8e 4 months ago

    Thanks a lot for the valuable video. Please keep doing such videos; very informative. Thanks again.

  • @TenMinuteKQL 3 years ago +3

    You have an alert suggesting there may be an issue, but it was not clear that something was definitively wrong. This is the investigative process for the INV team. Once you know it is a true positive and worthy of time for containment and analysis by a dedicated team (impact to organization) it is then transferred to IR. At least in my experience. This is a good rundown of a tier 2 INV investigation.

  • @MohammadAliKhalil 2 years ago +1

    This looks difficult, to do all of these steps. What type of position does this type of work?

    • @KeatronEvans 2 years ago

      It's not difficult, just takes practice.

  • @Mustafa-bd3db 3 years ago +2

    Is this open source? I would like to practice

  • @kevincastillo9207 3 years ago +4

    I wasn't aware Victor Wooten was into cyber security!

    • @KeatronEvans 3 years ago +2

      Awesome comment! I've been playing since I was a kid.

  • @TestUser-i6z 1 year ago +1

    SuperCybex can provide cyber defense services for businesses with 50-5000 employees throughout the US to help identify cyber threats and mitigate the risks. Whether your business needs firewalls, network upgrades, or cyber defense and training, we can provide a complete solution including Incident Response.

  • @jordanbourcier2424 2 years ago +1

    Great video!!

  • @dutchhome1212 3 years ago +9

    Great vid m8!
    If I may make 2 suggestions (you might already know...): if you first do the RAM memdump before using netstat and so on, you won't throw something out of the RAM because you just used two programs. Second, you can also upload a hash of the rootkit to VirusTotal and not the file itself, so as not to alert anyone...
    All in all a great and informative video! Keep up the good work!

    • @KeatronEvans 2 years ago +4

      Doing a memdump required putting something external on the machine, running netstat did not. The memory dump is far more disruptive than running netstat which is local. Thanks for watching!

  • @cipher4047 3 years ago +21

    Hi, if you don't use virustotal to identify malware, what commercial tool do you use? Also, please make more videos. I will support the channel!

  • @BarCast101 1 year ago

    This is good stuff. How to do it on Kubernetes?

  • @RichfieldFearless 2 years ago +2

    This was very educative.

  • @cecilkimaro1486 2 years ago +1

    It’s a good video. Thank you for giving us a light on this matter.

  • @amechi 2 years ago +1

    Excellent 👍🏾

  • @rrw1981 3 years ago +3

    Great video

  • @natashataylor7531 2 years ago +1

    Great video! Thank you!

  • @MrBitviper 2 years ago +1

    Awesome video. Thanks for the detailed explanation.

  • @cedricroberts4336 3 years ago +2

    Thank you so much for this insightful video.

  • @Ray-p8d 6 months ago

    How to resolve this one?

  • @zacherymahoney12 1 year ago

    Just super cool. This is why it's so fun.

  • @ABDULBASIT-q8m7f 4 months ago

    What is the software used at 7:50?

  • @TrackMonkey327 3 years ago +2

    That was a great video. I learned a lot. Thank you so much for posting this.

  • @brittb7766 3 years ago +3

    This was an awesome video

  • @marcschweiz 3 years ago +3

    Absolutely fantastic info

  • @Whatthellisthisthing 3 years ago +1

    Great demonstration, thank you!

  • @renelvital 1 year ago

    Thank you for the video.

  • @laanbarehamza1024 3 years ago +1

    Amazing video. Thanks so much

  • @jksalamon 1 year ago

    Wanted to check on SOC. Can there be an IT SOC and an OT SOC? Is it right to say so? Or is it just one SOC, with a SIEM separately for IT and OT?
    In one of our groups we had this endless debate about SOC, each side backed with their own experience and opinions. What do you think is the right approach? Any document/whitepaper you can share that you know of?

  • @ekomeebahcollins4340 3 years ago +1

    Really great. I appreciate honestly

  • @emreybs2563 2 years ago +1

    Thanks. Very useful.

  • @akotamaki3385 1 year ago

    Great video thank you

  • @manfrombritain6816 3 years ago +1

    Great video!

  • @juliusweston8036 10 months ago

    Awesome Stuff!

  • @BrookeThePersonalTrainer 2 months ago

    thank you!

  • @PaulEllisBIGDATA 3 years ago +2

    Outstanding!!!!

    • @KeatronEvans 2 years ago

      You're outstanding! Thank you!

  • @zak1686 1 year ago

    Thank you, 100% works.

  • @lilmamagc 2 years ago

    Wow this was so helpful

  • @toliskoutovas7267 1 year ago

    Trying to get into SOC T1. What if instead of uploading the rootkit executable on VirusTotal, you instead extracted its hash and compared it to the virustotal database? Wouldn't that be safer?
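The hash-first lookup that @_amintrouble, @dutchhome1212 and @toliskoutovas7267 suggest, written out as an added Python example; this is not code from the video or from Exabeam. It hashes the suspect file in chunks, returns the digests, and builds the VirusTotal lookup for the SHA-256 (the public GUI URL and the v3 `files/{hash}` API path) without ever uploading the sample. The sample bytes and the file name `suspect.exe` are constructed for the demo, and no network request is made.

```python
"""Hash-first VirusTotal lookup: query by digest, never upload the sample.

Uploading an unknown binary to a public sandbox can tip off an attacker who
watches for their tool being submitted; a hash lookup returns the existing
verdict (if any) while the file stays on the analyst's machine.
"""
import hashlib
import io
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")
# Public VirusTotal lookup locations for a known file digest.
VT_GUI_FILE = "https://www.virustotal.com/gui/file/{sha256}"
# The v3 API accepts MD5, SHA-1 or SHA-256 here; a real request needs an
# 'x-apikey' header, which this demo deliberately does not send.
VT_API_FILE = "https://www.virustotal.com/api/v3/files/{digest}"


def hash_stream(fh, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a binary file object, reading it in
    chunks so a large sample never has to fit in memory at once."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk without loading it whole."""
    with open(path, "rb") as fh:
        return hash_stream(fh, chunk_size)


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-check)."""
    return hash_stream(io.BytesIO(data))


def vt_lookup_urls(digests):
    """Build the GUI and API lookup URLs for the computed SHA-256."""
    sha256 = digests["sha256"]
    return {"gui": VT_GUI_FILE.format(sha256=sha256),
            "api": VT_API_FILE.format(digest=sha256)}


def demo():
    """Write a constructed 'suspect' file (an MZ header plus filler, not real
    malware) to a temp directory, hash it and return digests plus URLs."""
    sample = b"MZ" + b"\x00" * 62 + b"constructed sample, not a real binary\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "suspect.exe")   # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(sample)
        digests = hash_file(path)
    return digests, vt_lookup_urls(digests)


if __name__ == "__main__":
    digests, urls = demo()
    for name in ALGORITHMS:
        print(f"{name:7s} {digests[name]}")
    print("GUI:", urls["gui"])
    print("API:", urls["api"])
```

On the analyst box the same digests come from `sha256sum`/`md5sum` on Linux, `shasum -a 256` or `md5` on macOS, and `certutil -hashfile <file> SHA256` on Windows. MD5 still works as a VirusTotal search key, but it is not a collision-resistant identifier, so record the SHA-256 in the case notes.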

  • @Ultimah 3 years ago +1

    Fantastic video, please make more video tutorials.

  • @kevinmcguinness6526 1 year ago

    Thanks man

  • @raveollorza1877 2 years ago

    IT REALLY WORKED LOL THANK YOU DUDE

  • @mannym8ker 3 years ago +1

    Really useful, thanks bro.

  • @gradseven7996 2 years ago

    Can you make more videos like this please

  • @fromthemoonandmybed 1 year ago

    Watching this in 2023 and seeing 3:55 is wild 😭

  • @jeffnaval4894 11 months ago

    It looks simple, not too much coding. Finally I have a dream job I'm dreaming about.

  • @kmernolimitpro7802 3 years ago +1

    Thanks sir

  • @madhav766 2 years ago

    Is that windows XP?

  • @prachivirkud7286 2 years ago

    Thank you!

  • @KJC2025 3 years ago +2

    You gonna jam on that bass or not?

  • @emmanuelanosike2208 2 years ago

    GENIUS

  • @MinaBrinzo 1 year ago

    Didnt work for me

  • @mohittyagi2691 2 years ago

    Dude, this tutorial is super good! Subbed.

  • @Byyte 3 years ago +6

    Hey I know this guy!! Lol

  • @amrayoub3508 3 years ago

    I didn't understand where and why you got the memory dump?

    • @oscaroska7613 3 years ago

      How did he get into the victim device?

    • @dharunkanna10 3 years ago +1

      The memory dump is taken from the Windows machine, and if you notice, the Windows machine doesn't show the evil process when looking through the command prompt. But the process is running, so we get information about the evil process running by dumping the memory using a tool, and we analyze the memory dump file in Kali.
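What @msudex, @KeatronEvans and @dharunkanna10 describe above, rendered as an added Python example that is not code from the video or from any named memory-analysis tool: the rootkit filters its own process and connection out of the live `tasklist` and `netstat -ano` views, while a memory image of the same host still contains them, so diffing the two views is what exposes the hidden items. The live listings and the "recovered from memory" records below are constructed sample data: the `evil.exe` name, PID 3356 and port 4444 are hypothetical, 198.51.100.23 is a documentation address, and the memory records stand in for whatever the analysis tool on the Kali box reports.

```python
"""Cross-view diff: live OS listings vs. structures recovered from memory.

A rootkit that hooks the APIs behind netstat/tasklist can filter its own
process and connections out of the live view. The kernel structures are
still present in a physical memory image, so comparing the two views
surfaces exactly what was hidden.
"""
import re

# Constructed sample of `tasklist` output as the compromised host showed it.
LIVE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0        140 K
svchost.exe                    880 Services                   0      9,236 K
svchost.exe                   1128 Services                   0      5,412 K
OUTLOOK.EXE                   4120 Console                    1     88,104 K
"""

# Constructed sample of `netstat -ano` output from the same live session.
LIVE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:49722         52.96.0.1:443          ESTABLISHED     4120
  UDP    0.0.0.0:5355           *:*                                    1128
"""

# Hypothetical records as a memory-analysis tool might recover them from a
# RAM image of the same host (constructed, not real tool output). The rootkit
# cannot filter these, so the extra process and connection show up here.
MEMORY_PROCESSES = {0: "System Idle Process", 4: "System", 880: "svchost.exe",
                    1128: "svchost.exe", 4120: "OUTLOOK.EXE", 3356: "evil.exe"}
MEMORY_CONNECTIONS = [
    ("TCP", "0.0.0.0:135", "0.0.0.0:0", "LISTENING", 880),
    ("TCP", "0.0.0.0:445", "0.0.0.0:0", "LISTENING", 4),
    ("TCP", "10.0.0.5:49722", "52.96.0.1:443", "ESTABLISHED", 4120),
    ("TCP", "10.0.0.5:49801", "198.51.100.23:4444", "ESTABLISHED", 3356),
    ("UDP", "0.0.0.0:5355", "*:*", "", 1128),
]

# tasklist's image name may contain spaces, so anchor on the trailing columns.
TASKLIST_RE = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_tasklist(text):
    """Return {pid: image name} from default `tasklist` output."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            procs[int(m.group("pid"))] = m.group("image")
    return procs


def parse_netstat(text):
    """Return a set of (proto, local, foreign, state, pid) tuples from
    `netstat -ano` output. UDP rows have no State column."""
    conns = set()
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])
        conns.add((proto, local, foreign, state, pid))
    return conns


def hidden_processes(live_procs, memory_procs):
    """PIDs present in the memory view but missing from the live view."""
    return {pid: name for pid, name in memory_procs.items() if pid not in live_procs}


def hidden_connections(live_conns, memory_conns):
    """Connections present in memory but absent from the live netstat."""
    return sorted(set(memory_conns) - set(live_conns), key=lambda c: c[4])


def cross_view_report():
    """Run both diffs on the constructed samples."""
    procs = hidden_processes(parse_tasklist(LIVE_TASKLIST), MEMORY_PROCESSES)
    conns = hidden_connections(parse_netstat(LIVE_NETSTAT), MEMORY_CONNECTIONS)
    return procs, conns


if __name__ == "__main__":
    procs, conns = cross_view_report()
    for pid, name in procs.items():
        print(f"hidden process: pid={pid} image={name}")
    for proto, local, foreign, state, pid in conns:
        print(f"hidden connection: {proto} {local} -> {foreign} {state} pid={pid}")
```

Whether to capture the live listings before or after imaging memory is the trade-off @dutchhome1212 and @KeatronEvans discuss further up the thread; whichever order is chosen, both outputs need to be kept so the diff can be run.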

  • @SoulJah876 2 years ago +1

    Incident response without a SIEM - is it even possible?

    • @KeatronEvans 2 years ago +1

      I mean it's tough in an enterprise environment, but I guess anything is possible. The question is, can you do EFFECTIVE incident response without a SIEM in an enterprise environment.

    • @SoulJah876 2 years ago

      @@KeatronEvans good point. I mentioned SIEM to a manager recently but our discussion came to the fact that the team didn't have anyone to constantly monitor the system and then act/report on anomalies.

  • @faikerdogan2802 2 years ago

    Is that Windows 7? :o

  • @tomeshuggah 3 years ago

    That damn Barbara!

  • @igu642 2 years ago

    ❤❤❤❤

  • @derrick.Eth1 3 years ago

    👆👆👆👆👆 HE SAVED MY FILE AND DECRYPTED IT. HE'S THE BEST HACKER IN THE WORLD!!!

  • @WizardMoDz 2 years ago

    Like

  • @youtubsux-z4f 1 month ago

    It's always the HR lady :(

  • @HavokR505 2 years ago

    Why wouldn't you just ask her if she VPN'ed from Ukraine? "Hi, yeah, were you in Ukraine yesterday? No? Did you have a VPN on that was pointing to Ukraine? No?" Hmmm

  • @MrEmityushkin 3 years ago

    +

  • @hannakorostelova1180 2 years ago

    It's Ukraine, not the Ukraine.

  • @claudiamanta1943 8 months ago

    3:45 How do you know info about somebody’s behaviour if they use a VPN?

  • @claudiamanta1943 8 months ago

    Thanks for sharing, it's really interesting.
    I don't know much about IT, but isn't it risky to use any automated system to flag up problems? Such a system is only as good as its algorithms and the way the administrator configures it.
    Re the incident: maybe this lady works remotely from Ukraine?
    Last but not least, shouldn't the company's IT admin check her activity? Please, tell me that admins can do that despite the employees using VPN, otherwise the system would be safe-ish from external attacks but totally vulnerable to internal attacks.
    Thanks.
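The question @claudiamanta1943 and @HavokR505 raise, how a monitoring system can say anything about where a user was when a VPN may be in play, shown as an added Python example that is not code from the video and not Exabeam's behavior analytics. It runs a simple geo-velocity rule over constructed authentication log lines: each successful login is geolocated through a constructed IP-to-location table (the addresses are RFC 5737 documentation ranges mapped to hypothetical cities), consecutive logins by the same user are compared, and a pair is flagged when covering the distance in the elapsed time would need an unrealistic speed. Source addresses on a known VPN or proxy egress list are excluded, because their location is the VPN's exit, not the user's; the 900 km/h threshold, the egress list and the log format are assumptions.

```python
"""Geo-velocity ("impossible travel") check over authentication events.

Each successful login is geolocated, consecutive logins by the same user are
compared, and the pair is flagged when the implied ground speed exceeds what
a commercial flight could cover. Logins from known VPN/proxy egress addresses
are skipped, because they geolocate to the provider's exit, not the user.
"""
import math
import re
from datetime import datetime, timezone

# Constructed auth log lines (hypothetical format, not any product's schema).
AUTH_LOG = """\
2024-12-27T08:05:12Z user=hr.user src=203.0.113.7 result=success
2024-12-27T08:06:40Z user=hr.user src=203.0.113.7 result=failure
2024-12-27T09:40:31Z user=hr.user src=198.51.100.9 result=success
2024-12-28T07:55:00Z user=hr.user src=203.0.113.7 result=success
2024-12-27T08:30:00Z user=it.admin src=203.0.113.7 result=success
2024-12-27T09:10:00Z user=it.admin src=192.0.2.44 result=success
"""

# Constructed IP-to-location table standing in for a GeoIP database. The
# addresses are RFC 5737 documentation ranges mapped to hypothetical cities.
GEO = {
    "203.0.113.7": ("US", "Chicago", 41.88, -87.63),
    "198.51.100.9": ("UA", "Kyiv", 50.45, 30.52),
    "192.0.2.44": ("DE", "Frankfurt", 50.11, 8.68),   # assumed corporate VPN egress
}
# Assumed list of addresses owned by the company's VPN/proxy concentrators.
KNOWN_VPN_EGRESS = {"192.0.2.44"}
MAX_KMH = 900.0   # assumption: faster than this is not a plausible flight

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")


def parse_events(text):
    """Return a time-ordered list of (timestamp, user, src) for successful logins."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("result") != "success":
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m.group("user"), m.group("src")))
    return sorted(events)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres (mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, geo=GEO, egress=KNOWN_VPN_EGRESS, max_kmh=MAX_KMH):
    """Return one finding per flagged pair:
    (user, prev_src, prev_city, src, city, distance_km, hours, kmh)."""
    findings = []
    last = {}   # user -> (ts, src) of the previous geolocatable, non-VPN login
    for ts, user, src in events:
        if src in egress or src not in geo:
            continue            # VPN exit or unknown location: cannot place the user
        if user in last:
            pts, psrc = last[user]
            _, pcity, plat, plon = geo[psrc]
            _, city, lat, lon = geo[src]
            km = haversine_km(plat, plon, lat, lon)
            hours = (ts - pts).total_seconds() / 3600.0
            if km > 0 and (hours <= 0 or km / hours > max_kmh):
                kmh = float("inf") if hours <= 0 else km / hours
                findings.append((user, psrc, pcity, src, city,
                                 round(km), round(hours, 2), round(kmh)))
        last[user] = (ts, src)
    return findings


if __name__ == "__main__":
    for user, psrc, pcity, src, city, km, hours, kmh in impossible_travel(parse_events(AUTH_LOG)):
        print(f"{user}: {pcity} ({psrc}) -> {city} ({src}) {km} km in {hours} h = {kmh} km/h")
```

Run on the sample, only the HR user's Chicago-to-Kyiv pair fires (roughly 8,100 km in about an hour and a half), while the admin's jump to the Frankfurt VPN exit is ignored. This is why an alert of this kind is a prompt to investigate rather than a verdict: the rule sees the egress address, so an unlisted personal VPN, a mobile carrier's gateway or a stale GeoIP entry can all produce the same signal, and the follow-up in the video, looking at what the account actually did, is what separates them.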

  • @Hotchoclate5444 1 year ago

    Great video!!