{"product_id":"effective-threat-investigation-for-soc-analysts-the-ultimate-guide-to-examining-various-threats-and-attacker-techniques-using-security-logs","title":"Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs","description":"\u003cp\u003e\u003cstrong\u003eBook info:\u003c\/strong\u003e Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs (Paperback, 315 pages) – Packt Publishing, 2023. Language: English.\u003c\/p\u003e\n \u003cp\u003eDetect and investigate various cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources\u003c\/p\u003e\u003cp\u003ePurchase of the print or Kindle book includes a free PDF eBook\u003c\/p\u003eKey Features\u003cul\u003e\n\u003cli\u003eUnderstand and analyze various modern cyber threats and attackers' techniques\u003c\/li\u003e\n\u003cli\u003eGain in-depth knowledge of email security, Windows, firewall, proxy, WAF, and security solution logs\u003c\/li\u003e\n\u003cli\u003eExplore popular cyber threat intelligence platforms to investigate suspicious artifacts\u003c\/li\u003e\n\u003c\/ul\u003eBook Description\u003cp\u003eEffective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It's a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills.\u003c\/p\u003e\u003cp\u003eThe book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you’ll learn how to detect and investigate attackers' techniques and malicious activities within Windows environments. As you make progress, you’ll find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You’ll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis.\u003c\/p\u003e\u003cp\u003eBy the end of this book, you’ll have learned how to analyze popular systems and security appliance logs that exist in any environment and explore various attackers' techniques to detect and investigate them with ease.\u003c\/p\u003eWhat you will learn\u003cul\u003e\n\u003cli\u003eGet familiarized with and investigate various threat types and attacker techniques\u003c\/li\u003e\n\u003cli\u003eAnalyze email security solution logs and understand email flow and headers\u003c\/li\u003e\n\u003cli\u003eFind out how to analyze Microsoft event logs\u003c\/li\u003e\n\u003cli\u003ePractical investigation of the various Windows threats and attacks\u003c\/li\u003e\n\u003cli\u003eAnalyze web proxy logs to investigate C\u0026amp;C communication attributes\u003c\/li\u003e\n\u003cli\u003eUnderstand web application firewall (WAF) logs and examine various external attacks\u003c\/li\u003e\n\u003cli\u003eAnalyze FW logs and security alerts to investigate cyber threats\u003c\/li\u003e\n\u003cli\u003eUnderstand the role of CTI in investigation and identify potential threats\u003c\/li\u003e\n\u003c\/ul\u003eWho this book is for\u003cp\u003eThis book is for Security Operation Center (SOC) analysts, security professionals, cybersecurity incident investigators, incident handlers, incident responders, or anyone looking to explore attacker techniques and delve deeper into detecting and investigating attacks. If you want to efficiently detect and investigate cyberattacks by analyzing logs generated from different log sources, then this is the book for you. Basic knowledge of cybersecurity and networking domains and entry-level security concepts are necessary to get the most out of this book.\u003c\/p\u003eTable of Contents\u003cli\u003eInvestigating Email Threats\u003c\/li\u003e\u003cli\u003eEmail Flow and Header Analysis\u003c\/li\u003e\u003cli\u003eIntroduction to Windows Event Logs\u003c\/li\u003e\u003cli\u003eTracking Accounts Login and Management\u003c\/li\u003e\u003cli\u003eInvestigating Suspicious Process Execution Using Windows Event Logs\u003c\/li\u003e\u003cli\u003eInvestigating PowerShell Event Logs\u003c\/li\u003e\u003cli\u003eInvestigating Persistence and Lateral Movement Using Windows Event Logs\u003c\/li\u003e\u003cli\u003eNetwork Firewall Logs Analysis\u003c\/li\u003e\u003cli\u003eInvestigating Cyber Threats by Using the Firewall Logs\u003c\/li\u003e\u003cli\u003eWeb Proxy Logs Analysis\u003c\/li\u003e\u003cp\u003e(N.B. Please use the Look Inside option to see further chapters)\u003c\/p\u003e  \n\n                                         Editorial Reviews                   About the Author   \u003cp\u003eMostafa Yahia is a passionate threat investigator and hunter who hunted and investigated several cyber incidents. His experience includes building and leading cyber security managed services such as SOC and threat hunting services. He earned a bachelor's degree in computer science in 2016. Additionally, Mostafa has the following certifications: GCFA, GCIH, CCNA, IBM QRadar, and FireEye System engineer. Mostafa also provides free courses and lessons through his YouTube channel. Currently, he is the cyber defense services senior leader for SOC, Threat hunting, DFIR, and Compromise assessment services in an MSSP company.\u003c\/p\u003e                                           ","brand":"Mostafa Yahia","offers":[{"title":"Default Title","offer_id":46069677785322,"sku":"9781837634781","price":53.77,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0714\/5301\/6298\/files\/71gdZEC_gpL._SL1500.jpg?v=1781217055","url":"https:\/\/textbookme.store\/products\/effective-threat-investigation-for-soc-analysts-the-ultimate-guide-to-examining-various-threats-and-attacker-techniques-using-security-logs","provider":"TextbookMe","version":"1.0","type":"link"}