-
Book Overview & Buying
-
Table Of Contents
SOC Analyst Career Guide
By :
In this chapter, you will move from simply building your Security Onion 2 SIEM system to taking it for a walk-through in the context of a simulated real-world adversary hunt. You will act as both the adversary and the defender at the same time—setting up a vulnerable Windows Server domain controller, deploying an Elastic Agent to collect telemetry, and then using a Kali Linux workstation to run reconnaissance and exploitation. This fictionalized intrusion event will help you observe how cyber attacks progress across the network and endpoint layers and, as it’s happening, demonstrate how detections appear in your SIEM.
At the end of this chapter, you will recognize some of the ways to participate in adversary emulation exercises, and you will be able to perform actions that demonstrate reconnaissance, exploitation, and defensive detection modes. You will learn how to view security events in real time, create your own custom SIEM rules,...