Comments:
I am OBSESSED with your videos!!!! Thank you
sounds fun!
hello. thanks for the great video and info, which SOAR solution are you using??
Good job, I have been looking for such a video for a long time🎉 Thank you + I subscribed
You're so good at your job, but I can't help but feel anxiety because I don't know any of this stuff yet. I'm almost done with my Google Cybersecurity Cert and will start hunting for jobs. I hope everything you showed us is easy to learn.
This was fascinating and very informative, thank you! Subbed
Yes, create a dashboard!
man look I am currently in a cyber security bootcamp. And they do not teach us about what we will be using in a real life scenario, they kind of just teach it and make a run around giving definitions but no examples. It's kind of crazy, but you have taught me more within eight minutes than I've learned in a month, so thank you
Excellent, please do more videos. At least you should show the URL from where the malicious PDF was downloaded. It helps the community to block that website in advance. Once again thanks a lot!👍
Cool vid! Quick question: how do I block my phone from remote monitoring? I connected my personal device to my work wifi and I suspect that they have been monitoring my phone.
Great content! I would really like to see a how to create great dashboards video.
Please create more videos on different incidents. Subscribed to your channels to see more videos like this
Love from India. I have watched so many videos so far and this is the best one. Really appreciate your efforts
That's a lot.... but I want it
Do you have a LinkedIn? Would love to connect Jono!
How did you go about learning the tools like the CrowdStrike console, Splunk etc…? On your own or was it ever taught on the job? Thx
your LinkedIn?
Wow! This is so cool. Thank you for this video. It's indeed a real-world experience. You just got a subscriber 😊
Very good! We want more! ❤
Great stuff, as someone that is trying to get into cyber security none of these programs make sense, but what actually does is what you're saying, oddly enough I can keep up
Great insight of what you would have to do on the job
Good job 👍 please create dashboard for the workflows
I'm going to start my new job as a SOC Analyst in the first week of December 2023 and I was looking for a video to know how exactly it works in real time and secured environment. Thank you for this wonderful video.
Subscribed 😍🙏🏼🙏🏼 Also going to share it with my mates. Please do more videos on how different attacks happen and how as a SOC analyst we need to remediate it.
Looking forward to many such videos from you! I've hit the bell icon toooooo.
Thanks again 🎉🎉
I can say for sure as someone currently working as SOC analyst as well, this level of quality information is so hard to get. Even at work, especially when you just first start out in the role. Thank you for this Jono.
Thank you. Hopefully this stuff sticks
Not watching you type word by word — but I would actually enjoy seeing a high-level video of what you find important to include, and how you write up your documentation.
This was a great video though! Thanks so very much for taking the time to make some real content.
Can you do a follow up video on this? I love how you show the real boring but very important stuff!
About how many hours a day do you work? I know how you break this down? What's your educational background?
Great work🎉
❤❤❤Wow this is Really Effective Video👏🙌🏼
Promo SM ☹️
Summary of my notes!
*Introduction:*
You're working as a SOC (Security Operations Center) analyst, and one day you receive a message saying that an employee's computer has been infected with a virus. In this video, we'll walk through the steps involved in investigating and responding to such an incident.
*Understanding the Security Architecture:*
To begin, it's essential to understand the general security architecture of your organization. This may involve various monitoring systems for web traffic, firewalls, device monitoring, and event logs. These systems collect data that is crucial during incident investigations.
*Incident Response Time:*
The incident response time is typically around two business hours, starting when the incident is reported. Team members collaborate to collect information and investigate the incident.
*Isolating the Laptop:*
The first step is to isolate the affected laptop from the network. This prevents the potential spread of the threat. Specific tools, like CrowdStrike, can help with this.
*Checking for System Detections:*
Next, you check for system detections. If a virus has been downloaded onto the laptop, detection tools, such as CrowdStrike, will capture it.
*Analyzing Web Traffic:*
To analyze web traffic, you look at browsing history. Using tools like Splunk, you can search for specific URLs and examine the logs.
*Blocking Malicious URLs:*
Upon finding suspicious URLs, they are blocked. This action is often done via APIs, such as Zscaler's.
*Checking for Outbound Traffic:*
The firewall logs are reviewed to detect any suspicious outbound traffic from the laptop.
*Checking Windows Event Logs:*
Windows event logs are checked for user activity. This involves looking for unusual data exfiltration or unauthorized access.
*Remediating the Threat:*
Once threats are identified, they are remediated. In this case, the investigator blocked malicious websites and connections.
*Investigation Conclusion:*
After a thorough investigation, it's determined that the user had not downloaded a virus, and there was no data exfiltration. The incident severity was low, as the issue was related to spam and scam notifications triggered by user actions on a malicious website.
*Using Dashboards for Efficiency:*
The video suggests using dashboards for efficiency in investigations. Dashboards can group all relevant logs and data for a streamlined analysis.
*Documentation:*
The final step in an incident response is documentation. All details of the investigation must be recorded for audit and compliance purposes.
PS: I love your content! Keep going!
You’re a soc l1?
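The summary above is a checklist; as an added example (my code, not the video's or its author's) here is a toy Python triage script that walks the same steps in order over constructed telemetry. Every host name, IP, user, URL, log format and threshold below is invented for the demo, and the EDR containment and URL-block calls are stand-ins that just return records; in a real SOC those are the EDR vendor's containment API, a Splunk search over proxy logs, the firewall log and the Windows Security log.

```python
"""Toy SOC triage for one reported laptop (added example; all data constructed)."""
import re
from dataclasses import dataclass, field

# -- constructed sample telemetry (invented hosts, IPs, URLs; not real IoCs) --
HOST, HOST_IP, USER = "LAPTOP-42", "10.0.5.42", "jdoe"
EDR_DETECTIONS = [  # what the endpoint agent reported for this host
    {"host": HOST, "severity": "informational", "detail": "push-notification spam from browser"},
]
PROXY_LOG = [  # key=value web-proxy records, the kind a Splunk search returns
    'ts=2023-11-01T09:12:01 host=LAPTOP-42 url="http://example-prizes.invalid/win" action=allowed',
    'ts=2023-11-01T09:12:05 host=LAPTOP-42 url="http://example-prizes.invalid/notify" action=allowed',
    'ts=2023-11-01T09:13:00 host=LAPTOP-42 url="https://intranet.corp.example/" action=allowed',
]
FIREWALL_LOG = [  # outbound flows from the laptop
    'ts=2023-11-01T09:12:06 src=10.0.5.42 dst=203.0.113.10 dport=443 bytes_out=1200 action=allow',
    'ts=2023-11-01T09:12:07 src=10.0.5.42 dst=198.51.100.7 dport=443 bytes_out=900 action=allow',
]
WIN_EVENTS = [  # Windows Security log, reduced to the fields the checks need
    {"host": HOST, "event_id": 4624, "user": USER, "logon_type": 2},  # local interactive logon
]
MALWARE_SEVERITIES = {"high", "critical"}
EXFIL_BYTES = 50_000_000  # assumed threshold: one flow above this is treated as possible exfiltration


def kv(line):
    """Parse a key=value log line (values may be double-quoted) into a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def isolate(host):
    """Step 1: network-contain the laptop (stand-in for the EDR containment API)."""
    return {"action": "network_contain", "host": host}


def edr_hits(host):
    """Step 2: what did the endpoint agent detect on this host?"""
    return [d for d in EDR_DETECTIONS if d["host"] == host]


def search_proxy(host, url_pattern):
    """Step 3: Splunk-style search of proxy logs for this host and a URL pattern."""
    return [r for r in map(kv, PROXY_LOG) if r["host"] == host and re.search(url_pattern, r["url"])]


def block_urls(urls, blocklist=None):
    """Step 4: add suspicious URLs to the proxy blocklist (stand-in for a Zscaler-style
    API call).  Returns the updated list without duplicates, order preserved."""
    blocklist = list(blocklist or [])
    for u in urls:
        if u not in blocklist:
            blocklist.append(u)
    return blocklist


def outbound_flags(src_ip, allowed_ports=(80, 443)):
    """Step 5: firewall review: flag flows on unexpected ports or with large volume."""
    return [f for f in map(kv, FIREWALL_LOG) if f["src"] == src_ip
            and (int(f["dport"]) not in allowed_ports or int(f["bytes_out"]) > EXFIL_BYTES)]


def logon_flags(host, expected_user):
    """Step 6: Windows event review: failed logons (4625), logons by anyone but the
    assigned user, or network/RDP logon types (3, 10) on a laptop."""
    return [e for e in WIN_EVENTS if e["host"] == host and (
        e["event_id"] == 4625 or e["user"] != expected_user or e["logon_type"] in (3, 10))]


@dataclass
class Report:
    host: str
    actions: list = field(default_factory=list)
    findings: dict = field(default_factory=dict)
    severity: str = "low"


def triage(host=HOST, host_ip=HOST_IP, user=USER, url_pattern=r"example-prizes\.invalid"):
    """Run the steps in order; url_pattern is the domain named in the reported alert."""
    r = Report(host)
    r.actions.append(isolate(host))
    r.findings["edr"] = edr_hits(host)
    r.findings["urls"] = sorted({h["url"] for h in search_proxy(host, url_pattern)})
    r.actions.append({"action": "block_urls", "urls": block_urls(r.findings["urls"])})
    r.findings["outbound"] = outbound_flags(host_ip)
    r.findings["logons"] = logon_flags(host, user)
    malware = any(d["severity"] in MALWARE_SEVERITIES for d in r.findings["edr"])
    # Only a real malware detection, suspicious outbound traffic or odd logons raise severity;
    # browser notification spam alone stays low, as in the video's conclusion.
    if malware or r.findings["outbound"] or r.findings["logons"]:
        r.severity = "high"
    return r


def write_up(r):
    """Step 7: the documentation record that closes the ticket."""
    lines = [f"Incident on {r.host}: severity {r.severity.upper()}"]
    lines += [f"- action: {a}" for a in r.actions]
    lines += [f"- {k}: {v}" for k, v in r.findings.items()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(write_up(triage()))
```

With the constructed data the run ends where the video's investigation did: two spam URLs found and blocked, no malware-grade EDR detection, nothing unusual outbound, a single local logon by the assigned user, severity low. Changing the expected user or adding a 4625 event to `WIN_EVENTS` flips the same script to high, which is the point of keeping each check as a function that returns its evidence rather than only printing it.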
Would love a documentation video!
Do more of these please🙏🏼 queries and thought process/OSINT tools are very helpful, thank you
Great video, thank you!
You should do a Splunk tutorial!
I think it would be a good idea to include documentation, especially since it's very important when working in a SOC. Great video by the way!
Please make a video for dashboards
More of these scenarios! Great content
Because of this video, I've subscribed and even created a Playlist just for "Tech with Jono!"
finally an actual run through of a SOC Analyst incident. Well done!!!
very clear explanation, if you could please make a video on WAF and cloud related alerts and how to respond to them that would be highly beneficial too. thanks
Very informative video! Thank you! I actually don't know what to expect and already secured a job as SOC analyst. Your video is a saver 🫡
Sir you earned my subscription, great content, on the point and actually showing stuff, keep it up
Great video. Thanks for giving great insight. I would like to know whether the steps you describe are part of the organization's runbook/playbook that you have to follow. Thanks
This is the first time I've seen an actual SOC analyst task. Thanks for sharing mate. 👍
Let me say something .... I think you can reach more audience by putting a technical title like "What to do when a co-worker gets infected with a virus as a SOC" ..... I imagined this shows your day to day activities like eat, sleep etc. Just an idea ... Love your content ❤
you're a legend dude, I'm currently studying Cybersecurity on my own, so I'm reading about all the software and tools, but it's better for me to SEE them in use. So this helps. thanks man
Thanks, as I really appreciate how thorough you are in your videos, as I truly got a lot out of this presentation. Thank you.