How to Setup a Security Operations Center

A security operations center (SOC) is a centralized team responsible for monitoring and analyzing an organization’s security posture. Setting up a SOC can be a complex and time-consuming process, but with the right planning and resources, it can provide a significant boost to an organization’s security defenses. Here are some steps to help you set […]

Sysmon Playbook Event ID 3

Sysmon Event ID: 3. Sysmon Event Title: Network Connection Detected. Network Connection Attributes: when any machine with Sysmon installed makes a network connection, many details about that connection are captured and logged under Event ID 3. We will briefly discuss all the fields captured under Event ID 3. RuleName: %1!s! […]

SYSMON Playbook – Event ID 1

Windows by default records most of the activity happening on the OS in the Windows logs, which can be viewed in Windows Event Viewer. However, Sysmon is much better at providing visibility into activity related to process execution. Sysmon is a great tool which is used to monitor the system and log […]

Communication Plan

Communication is key when providing services, whether to clients outside your organization or to any department within it. One bad email or a missed email can change the trajectory of your relationship with your client. Communication goals can differ and depend entirely on the relationship and the services being […]