What to do with a Virus Infection as a SOC Analyst | Cybersecurity Day in Life


Tech with Jono

9 months ago

31,934 views



Comments:

@nancyperez5480 - 26.01.2024 02:00

I am OBSESSED with your videos!!!! Thank you

@Lancelote. - 25.01.2024 01:34

sounds fun!

@boumaityoussef4155 - 15.01.2024 22:24

Hello. Thanks for the great video and info. Which SOAR solution are you using??

@sharkgaming5890 - 31.12.2023 23:48

Good job, I have been looking for such a video for a long time🎉 Thank you + I subscribed

@hosunchoe9831 - 29.12.2023 13:07

You're so good at your job, but I can't help but feel anxiety because I don't know any of this stuff yet. I'm almost done with my Google Cybersecurity Cert and will start hunting for jobs. I hope everything you showed us is easy to learn.

@DaFlasher - 28.12.2023 06:27

This was fascinating and very informative, thank you! Subbed

@nelsonnelson31 - 25.12.2023 19:33

Yes, create a dashboard!

@Ghostreacts817 - 23.12.2023 06:10

Man, look, I am currently in a cybersecurity bootcamp, and they do not teach us about what we will be using in a real-life scenario. They kind of just teach it and make a run-around giving definitions but no examples. It's kind of crazy, but you have taught me more within eight minutes than I've learned in a month, so thank you.

@muhammadakhtar1501 - 21.12.2023 06:40

Excellent, please do more videos. At least you should show the URL from where the malicious PDF was downloaded. It helps the community to block that website in advance. Once again, thanks a lot!👍

@funmio8338 - 18.12.2023 10:02

Cool vid! Quick question: how do I block my phone from remote monitoring? I connected my personal device to my work wifi and I suspect that they have been monitoring my phone.

@michaelsanchez4901 - 17.12.2023 21:59

Great content! I would really like to see a how-to-create-dashboards video.

@MJsports2308 - 16.12.2023 21:26

Please create more videos on different incidents. Subscribed to your channels to see more videos like this

@MJsports2308 - 16.12.2023 21:11

Love from India. I have watched so many videos so far and this is the best one. Really appreciate your efforts

@anthonywilson2208 - 14.12.2023 05:11

That's a lot.... but I want it

@nikkienguyen2792 - 08.12.2023 20:26

Do you have a LinkedIn? Would love to connect, Jono!

@drumman5431 - 07.12.2023 11:11

How did you go about learning the tools like the CrowdStrike console, Splunk, etc.? On your own, or was it ever taught on the job? Thx

@okboomer6805 - 05.12.2023 12:01

Your LinkedIn?

@shadrachwilson1211 - 02.12.2023 07:34

Wow! This is so cool. Thank you for this video. It’s indeed a real-world experience. You just got a subscriber 😊

@alexandruscumpu3544 - 30.11.2023 11:09

Very good! We want more! ❤

@UM2636 - 25.11.2023 18:16

Great stuff. As someone that's trying to get into cybersecurity, none of these programs make sense, but what actually does is what you're saying; oddly enough, I can keep up.

Great insight of what you would have to do on the job

@yomboodu6750 - 23.11.2023 21:01

Good job 👍 Please create a dashboard for the workflows

@scorpionraver - 23.11.2023 03:51

I'm going to start my new job as a SOC Analyst in the first week of December 2023 and I was looking for a video to know how exactly it works in real time in a secured environment. Thank you for this wonderful video.
Subscribed 😍🙏🏼🙏🏼 Also going to share it with my mates. Please do more videos on how different attacks happen and how as a SOC analyst we need to remediate it.
Looking forward to many such videos from you! I’ve hit the bell icon toooooo.

Thanks again 🎉🎉

@FollowNRBH - 20.11.2023 15:09

I can say for sure, as someone currently working as a SOC analyst as well, that this level of quality information is so hard to get, even at work, especially when you first start out in the role. Thank you for this, Jono.

@Duck_III - 20.11.2023 06:42

Thank you. Hopefully this stuff sticks

@melaronvalkorith1301 - 17.11.2023 08:13

Not watching you type word by word — but I would actually enjoy seeing a high-level video of what you find important to include, and how you write up your documentation.

This was a great video though! Thanks so very much for taking the time to make some real content.

@deezn2856 - 16.11.2023 17:28

Can you do a follow up video on this? I love how you show the real boring but very important stuff!

@DG-no1oo - 13.11.2023 18:40

About how many hours a day do you work? How do you break this down? What's your educational background?

@mahanteshhiremath8863 - 13.11.2023 13:07

Great work🎉

@vjaykrishna3233 - 13.11.2023 05:52

❤❤❤ Wow, this is a really effective video 👏🙌🏼

@raymundo8253 - 10.11.2023 21:07

Promo SM ☹️

@matthewpalmer442 - 09.11.2023 16:16

Summary of my notes!

*Introduction:*
You're working as a SOC (Security Operations Center) analyst, and one day you receive a message saying that an employee's computer has been infected with a virus. In this video, we'll walk through the steps involved in investigating and responding to such an incident.

*Understanding the Security Architecture:*
To begin, it's essential to understand the general security architecture of your organization. This may involve various monitoring systems for web traffic, firewalls, device monitoring, and event logs. These systems collect data that is crucial during incident investigations.

*Incident Response Time:*
The incident response time is typically around two business hours, starting when the incident is reported. Team members collaborate to collect information and investigate the incident.

*Isolating the Laptop:*
The first step is to isolate the affected laptop from the network. This prevents the potential spread of the threat. Specific tools, like CrowdStrike, can help with this.

*Checking for System Detections:*
Next, you check for system detections. If a virus has been downloaded onto the laptop, detection tools, such as CrowdStrike, will capture it.

*Analyzing Web Traffic:*
To analyze web traffic, you look at browsing history. Using tools like Splunk, you can search for specific URLs and examine the logs.

*Blocking Malicious URLs:*
Upon finding suspicious URLs, they are blocked. This action is often done via APIs, such as Zscaler's.

*Checking for Outbound Traffic:*
The firewall logs are reviewed to detect any suspicious outbound traffic from the laptop.

*Checking Windows Event Logs:*
Windows event logs are checked for user activity. This involves looking for unusual data exfiltration or unauthorized access.

*Remediating the Threat:*
Once threats are identified, they are remediated. In this case, the investigator blocked malicious websites and connections.

*Investigation Conclusion:*
After a thorough investigation, it's determined that the user had not downloaded a virus, and there was no data exfiltration. The incident severity was low, as the issue was related to spam and scam notifications triggered by user actions on a malicious website.

*Using Dashboards for Efficiency:*
The video suggests using dashboards for efficiency in investigations. Dashboards can group all relevant logs and data for a streamlined analysis.

*Documentation:*
The final step in an incident response is documentation. All details of the investigation must be recorded for audit and compliance purposes.

PS: I love your content! Keep going!

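The notes above describe a pivot that is easy to script: take the host from the ticket, pull its proxy history, find the contact with the reported domain, then check firewall egress from that host after the first contact and decide whether anything looks like exfiltration before writing it up. The following is an added example of that triage logic in Python; it is not code from the video and does not call the CrowdStrike, Splunk or Zscaler APIs. The log lines are constructed, and `HOST_TO_IP`, `IOC_DOMAINS`, `CORP_NETS` and `EXFIL_BYTES` are assumptions an analyst would replace with values from the real case.

```python
"""Triage helper for a "my laptop has a virus" ticket.

Added example, not the video's or any vendor's code. Pivots from the user's
proxy history to firewall egress and builds the record the analyst would
paste into the ticket. All log lines below are constructed.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed web-proxy export (key=value fields, simplified).
PROXY_LOG = """\
2023-10-02T09:14:02Z host=LT-0417 user=jdoe url=https://intranet.example.local/home action=allow
2023-10-02T09:16:45Z host=LT-0417 user=jdoe url=http://free-pdf-converter.example/dl/invoice.pdf action=allow
2023-10-02T09:16:47Z host=LT-0417 user=jdoe url=http://free-pdf-converter.example/push/subscribe action=allow
2023-10-02T09:20:11Z host=LT-0417 user=jdoe url=https://mail.example.com/inbox action=allow
2023-10-02T09:31:08Z host=LT-0099 user=asmith url=https://news.example.org/ action=allow
"""

# Constructed firewall egress log for the same window.
FW_LOG = """\
2023-10-02T09:16:46Z src=10.20.4.17 dst=203.0.113.50 dport=80 bytes_out=1420
2023-10-02T09:16:48Z src=10.20.4.17 dst=203.0.113.50 dport=80 bytes_out=860
2023-10-02T09:18:30Z src=10.20.4.17 dst=10.20.1.5 dport=445 bytes_out=40960
2023-10-02T09:25:02Z src=10.20.4.17 dst=198.51.100.7 dport=443 bytes_out=2210
2023-10-02T09:31:09Z src=10.20.4.99 dst=192.0.2.10 dport=443 bytes_out=3300
"""

HOST_TO_IP = {"LT-0417": "10.20.4.17", "LT-0099": "10.20.4.99"}  # assumed asset lookup
IOC_DOMAINS = {"free-pdf-converter.example"}                      # assumed, from the ticket
CORP_NETS = [ip_network("10.0.0.0/8")]                            # assumed internal ranges
EXFIL_BYTES = 50 * 1024 * 1024                                    # assumed review threshold


def parse_kv(line):
    """'<ts> k=v k=v ...' -> dict, with 'ts' parsed to a datetime."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def parse_log(text):
    return [parse_kv(line) for line in text.splitlines() if line.strip()]


def domain_of(url):
    return url.split("//", 1)[-1].split("/", 1)[0].lower()


def ioc_hits(proxy, host):
    """Proxy records from `host` that touched an IOC domain, oldest first."""
    return sorted(
        (r for r in proxy if r["host"] == host and domain_of(r["url"]) in IOC_DOMAINS),
        key=lambda r: r["ts"],
    )


def egress_after(fw, src_ip, since):
    """External (dst, port) pairs `src_ip` reached at or after `since`, bytes summed."""
    totals = defaultdict(int)
    for r in fw:
        if r["src"] != src_ip or r["ts"] < since:
            continue
        if any(ip_address(r["dst"]) in net for net in CORP_NETS):
            continue  # internal traffic is not candidate exfiltration
        totals[(r["dst"], int(r["dport"]))] += int(r["bytes_out"])
    return dict(totals)


def triage(host, proxy_text=PROXY_LOG, fw_text=FW_LOG, edr_detections=()):
    """Build the incident record: IOC contacts, egress after contact, severity."""
    proxy, fw = parse_log(proxy_text), parse_log(fw_text)
    hits = ioc_hits(proxy, host)
    record = {
        "host": host,
        "ioc_contacts": [r["url"] for r in hits],
        "edr_detections": list(edr_detections),
        "egress": {},
        "severity": "low",
    }
    if hits:
        record["first_contact"] = hits[0]["ts"].isoformat()
        record["egress"] = egress_after(fw, HOST_TO_IP[host], hits[0]["ts"])
    exfil = {k: v for k, v in record["egress"].items() if v >= EXFIL_BYTES}
    record["data_exfiltration"] = bool(exfil)
    if edr_detections or exfil:
        record["severity"] = "high"
    # Domains to submit for blocking regardless of severity.
    record["block_requests"] = sorted(IOC_DOMAINS) if hits else []
    return record


if __name__ == "__main__":
    for k, v in triage("LT-0417").items():
        print(f"{k}: {v}")
```

On the constructed data the record comes out the way the video's case did: two contacts with the reported domain, a few kilobytes of egress to two external addresses afterwards, no EDR detection, so severity stays low and the only action item is the block request. Passing `edr_detections=["..."]` or raising the egress above `EXFIL_BYTES` flips the severity, which is the decision the analyst is really making at this step.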
@Nasserr2 - 07.11.2023 21:46

You're a SOC L1?

@FilmPeak - 27.10.2023 19:26

Would love a documentation video!

@arubajamaica8563 - 26.10.2023 08:02

Do more of these please🙏🏼 Queries and thought process/OSINT tools are very helpful, thank you

@OM3GASOUNDWAV3 - 26.10.2023 05:25

Great video, thank you!

@9mmisahighcaliberround546 - 23.10.2023 10:56

You should do a Splunk tutorial!

@majesticviews5397 - 20.10.2023 18:29

I think it would be a good idea to include documentation, especially since it's very important when working in a SOC. Great video, by the way!

@mrehank8556 - 19.10.2023 21:33

Please make a video for dashboards

@snigglefritz777 - 19.10.2023 03:14

More of these scenarios! Great content

@OMG.IM.CODING - 19.10.2023 02:55

Because of this video, I've subscribed and even created a Playlist just for "Tech with Jono!"

@schultzsas - 18.10.2023 01:51

Finally, an actual run-through of a SOC analyst incident. Well done!!!

@muratkurban3190 - 16.10.2023 23:39

Very clear explanation. If you could please make a video on WAF and cloud-related alerts and how to respond to them, that would be highly beneficial too. Thanks

@sufis5240 - 12.10.2023 06:27

Very informative video! Thank you! I actually don't know what to expect and have already secured a job as a SOC analyst. Your video is a saver 🫡

@Drusher10 - 10.10.2023 22:26

Sir, you earned my subscription. Great content, on point and actually showing stuff. Keep it up

@akuatiwaah3341 - 10.10.2023 11:39

Great video. Thanks for giving great insight. I would like to know whether the steps you describe are part of the organization's runbook/playbook that you have to follow. Thanks

@Vyper443 - 09.10.2023 11:51

This is the first time I've seen an actual SOC analyst task. Thanks for sharing mate. 👍

@SecXsecurity - 05.10.2023 22:53

Let me say something.... I think you can reach more of an audience by putting a technical title like "What to do when a co-worker is infected with a virus as a SOC"..... I imagined this showed your day-to-day activities like eat, sleep, etc. Just an idea... Love your content ❤

@notZINQ - 05.10.2023 15:29

You're a legend, dude. I'm currently studying cybersecurity on my own, so I'm reading about all the software and tools, but it's better for me to SEE them in use, so this helps. Thanks, man

@thewallacefamily5999 - 04.10.2023 21:53

Thanks, as I really appreciate how thorough you are in your videos, and I truly got a lot out of this presentation. Thank you.
