Tools for detective controls
Now that we understand the scope of a typical SOC and the vast amount of data it needs to consume to identify threats, the next logical question is: which tools are available to help it do that? Needless to say, doing this manually is next to impossible. Hence, it is essential for the blue team to get an overview of the types of tools that can assist it in setting up its SOC. For the scope of this book, we will review a few of those tool categories; as previously mentioned, each blue team must run its own risk assessment and evaluation to determine what is the best fit for its own organization.
Threat Intelligence Platform (TIP)
A TIP is a type of cybersecurity solution that primarily focuses on the detection, collection, aggregation, organization, and analysis of threat data from the clear web, the deep web, and the dark web. A TIP will gather intelligence that can be put into action from a wide...
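The collection, aggregation and organization steps above are easy to state and surprisingly fiddly in practice: every feed uses its own field names, type vocabulary and confidence scale, repeats indicators, and occasionally ships malformed values. The following Python is an added example, not code from the book or from any TIP product, that ingests two constructed feeds (a CSV feed and a JSON feed, with RFC 5737 documentation addresses and a reserved .test domain rather than real intelligence), normalizes them into one vocabulary, merges per-source confidence so a feed that repeats an indicator is not double-counted, corroborates across sources, and selects the indicators worth pushing to a blocklist. The feed formats, field names and the noisy-OR scoring are assumptions chosen for illustration.

```python
import csv
import io
import json
from ipaddress import ip_address

# Constructed sample feeds for illustration only; the values are RFC 5737
# documentation ranges and a reserved .test domain, not real intelligence.
FEED_A_CSV = """indicator,type,source,confidence
198.51.100.23,ip,feed_a,80
evil-example.test,domain,feed_a,60
198.51.100.23,ip,feed_a,80
"""

FEED_B_JSON = json.dumps([
    {"value": "198.51.100.23", "kind": "ipv4", "provider": "feed_b", "score": 0.7},
    {"value": "EVIL-EXAMPLE.TEST.", "kind": "fqdn", "provider": "feed_b", "score": 0.5},
    {"value": "203.0.113.9", "kind": "ipv4", "provider": "feed_b", "score": 0.3},
    {"value": "not an ip", "kind": "ipv4", "provider": "feed_b", "score": 0.9},
])

# Map each feed's type vocabulary onto one internal vocabulary (assumed mapping).
TYPE_MAP = {"ip": "ipv4", "ipv4": "ipv4", "domain": "domain", "fqdn": "domain"}


def normalize(value, kind):
    """Return (kind, canonical value), or None if the indicator is malformed."""
    kind = TYPE_MAP.get(kind.strip().lower())
    value = value.strip()
    if kind == "ipv4":
        try:
            ip = ip_address(value)
        except ValueError:
            return None  # unparsable address: drop rather than poison the store
        if ip.version != 4 or ip.is_loopback:
            return None
        return kind, str(ip)
    if kind == "domain":
        value = value.lower().rstrip(".")  # case and trailing dot are not significant
        if not value or " " in value or "." not in value:
            return None
        return kind, value
    return None  # unsupported indicator type


def parse_feed_a(text):
    """CSV feed: confidence is 0-100, rescaled to 0-1."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        norm = normalize(row["indicator"], row["type"])
        if norm:
            out.append((norm, row["source"], int(row["confidence"]) / 100.0))
    return out


def parse_feed_b(text):
    """JSON feed: different field names, confidence already 0-1."""
    out = []
    for item in json.loads(text):
        norm = normalize(item["value"], item["kind"])
        if norm:
            out.append((norm, item["provider"], float(item["score"])))
    return out


def aggregate(records):
    """One entry per indicator, keyed by (kind, value), holding the best
    confidence seen per source so repeats within a feed count once."""
    agg = {}
    for norm, source, conf in records:
        entry = agg.setdefault(norm, {})
        entry[source] = max(entry.get(source, 0.0), conf)
    return agg


def combined_score(per_source):
    """Noisy-OR over sources: independent corroboration raises confidence."""
    p_all_wrong = 1.0
    for conf in per_source.values():
        p_all_wrong *= 1.0 - conf
    return 1.0 - p_all_wrong


def actionable(agg, min_score=0.75):
    """Indicators whose combined confidence clears the threshold for blocking."""
    return sorted(
        value for (kind, value), per_source in agg.items()
        if combined_score(per_source) >= min_score
    )


def build():
    return aggregate(parse_feed_a(FEED_A_CSV) + parse_feed_b(FEED_B_JSON))


if __name__ == "__main__":
    agg = build()
    for (kind, value), per_source in sorted(agg.items()):
        print(f"{kind:6} {value:20} sources={sorted(per_source)} "
              f"score={combined_score(per_source):.2f}")
    print("actionable:", actionable(agg))
```

Two design points carry over to a real deployment: keep the per-source confidence rather than a single merged number, so a source that turns out to be noisy can be down-weighted later without re-ingesting everything, and validate indicators on the way in, because a single malformed value in a blocklist can break the firewall or SIEM rule it is pushed to.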