Cyber security operators should be able to analyze data from multiple sources and draw relevant conclusions about a security event. They should also be able to prioritize events and apply common security frameworks. Readers will examine a range of data sources (network logs, packet captures, intrusion detection systems, intrusion prevention systems, and host-based detection systems) and draw conclusions about what type of event is occurring, how severe it is, and how likely it is to recur.
Most importantly, the cyber security operator must be able to communicate the findings of this process to high-level management, most of whom are non-technical. The analysis and presentation of the results must therefore build a narrative, with the various logs providing context for one another, in a coherent format.
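The correlation and narrative-building process described above, shown as an added Python example that is not part of the original text. It takes constructed firewall, IDS and host-authentication log lines (not real data; the IP addresses are documentation ranges), normalizes them into a common event shape, groups them by acting IP within a time window, rates each incident by how many independent sources corroborate it, and renders a timeline a non-technical reader can follow. The log formats, the scoring weights and the function names (`correlate`, `rate`, `narrative`, `analyse`) are all assumptions made for the example.

```python
"""Correlate constructed firewall, IDS and host log lines into incident
narratives with a severity rating (added example; formats are invented)."""
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%dT%H:%M:%SZ"

# --- Constructed sample data (not captured from any real system) ----------
FIREWALL_LOG = """\
2024-03-01T08:59:50Z ALLOW src=203.0.113.45 dst=10.0.0.12 dport=22 proto=tcp
2024-03-01T09:00:03Z ALLOW src=203.0.113.45 dst=10.0.0.12 dport=22 proto=tcp
2024-03-01T09:00:20Z DENY src=198.51.100.7 dst=10.0.0.12 dport=3389 proto=tcp
"""
IDS_LOG = """\
2024-03-01T09:00:05Z [priority:2] SSH brute-force attempt 203.0.113.45 -> 10.0.0.12:22
"""
HOST_LOG = """\
2024-03-01T09:00:01Z 10.0.0.12 sshd: Failed password for root from 203.0.113.45 port 51022
2024-03-01T09:00:02Z 10.0.0.12 sshd: Failed password for root from 203.0.113.45 port 51023
2024-03-01T09:00:09Z 10.0.0.12 sshd: Accepted password for svc_backup from 203.0.113.45 port 51030
"""


def _event(ts, source, actor, target, score, text):
    """Common event shape every parser produces; `score` is a per-event weight."""
    return {"time": datetime.strptime(ts, TS), "source": source,
            "actor": actor, "target": target, "score": score, "text": text}


def parse_firewall(text):
    events = []
    for line in text.splitlines():
        m = re.match(r"(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)", line)
        if m:
            ts, action, src, dst, dport = m.groups()
            events.append(_event(ts, "firewall", src, dst, 1,
                                 f"firewall {action} {src} -> {dst}:{dport}"))
    return events


def parse_ids(text):
    events = []
    for line in text.splitlines():
        m = re.match(r"(\S+) \[priority:(\d)\] (.+?) (\S+) -> (\S+):(\d+)$", line)
        if m:
            ts, prio, msg, src, dst, dport = m.groups()
            # Assumed IDS priority scale: 1 = most severe, so weight = 5 - priority.
            events.append(_event(ts, "ids", src, dst, 5 - int(prio),
                                 f"IDS alert (priority {prio}): {msg} on port {dport}"))
    return events


def parse_host(text):
    events = []
    for line in text.splitlines():
        m = re.match(r"(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+) port (\d+)", line)
        if m:
            ts, host, outcome, user, src, _port = m.groups()
            # A successful login weighs more than a single failed attempt.
            score = 3 if outcome == "Accepted" else 1
            events.append(_event(ts, "host", src, host, score,
                                 f"sshd {outcome} password for {user} on {host}"))
    return events


def rate(inc):
    """Severity rises with both accumulated weight and independent corroboration."""
    score = sum(e["score"] for e in inc["events"])
    if len(inc["sources"]) >= 3 and score >= 8:
        return "high"
    if len(inc["sources"]) >= 2:
        return "medium"
    return "low"


def correlate(events, window=timedelta(minutes=10)):
    """Group events by acting IP; a gap longer than `window` starts a new incident."""
    incidents, open_by_actor = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        inc = open_by_actor.get(ev["actor"])
        if inc is None or ev["time"] - inc["events"][-1]["time"] > window:
            inc = {"actor": ev["actor"], "events": [], "sources": set(), "targets": set()}
            incidents.append(inc)
            open_by_actor[ev["actor"]] = inc
        inc["events"].append(ev)
        inc["sources"].add(ev["source"])
        inc["targets"].add(ev["target"])
    for inc in incidents:
        inc["severity"] = rate(inc)
    return incidents


def narrative(inc):
    """Render one incident as a plain-language header followed by its timeline."""
    lines = [f"{inc['actor']} against {', '.join(sorted(inc['targets']))}: "
             f"severity {inc['severity'].upper()}, corroborated by {len(inc['sources'])} source(s)"]
    for ev in inc["events"]:
        lines.append(f"  {ev['time'].strftime(TS)}  [{ev['source']:8}] {ev['text']}")
    return "\n".join(lines)


def analyse():
    """Parse all three sources, correlate, and return incidents highest severity first."""
    events = parse_firewall(FIREWALL_LOG) + parse_ids(IDS_LOG) + parse_host(HOST_LOG)
    order = ("high", "medium", "low")
    return sorted(correlate(events), key=lambda i: order.index(i["severity"]))


if __name__ == "__main__":
    for inc in analyse():
        print(narrative(inc), end="\n\n")
```

The point of the weighting is that the same IP appearing in the firewall log, the IDS alert and the host's own authentication log tells a stronger story than any one of those records alone; the narrative output puts that corroboration in the first line, where a manager will read it, and keeps the raw timeline underneath for the analyst.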
This section covers the process...