all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Security Analysis 101: IPs, Domains, OSINT, IOCs, Oh my! — why we can’t always trust what we see and hear

Add to bookmarks
Oct. 27, 2023, 6:17 a.m. | /u/thattechkitten

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Wrote a new article quickly tonight to help the SOC I manage. Had some people mass closing out alerts based on clean IPs among some other things so I started a new series talking about some common things and ways to confirm activity in logs.
Let me know what you all think! Hopefully it also helps you if you are new to this.
https://medium.com/@truvis.thornton/security-analysis-101-ips-domains-osint-iocs-oh-my-2ae670250fe1

alerts analysis article blueteamsec domains iocs ips manage osint people quickly security security analysis series soc talking things trust

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

CVE-2024-24919 Check Point 0-Day Remote Access VPN - or - aCSHELL/../../../../../../../ homepage/admin/.ssh/id_rsa * ssh admin@Host … 17 hours ago | www.reddit.com
blueteamsec
Australian court rules on appeal that Cyber Incident Response documents ARE NOT protected from legal … 20 hours ago | www.reddit.com
australian blueteamsec claim court +17
Snowflake Community: Detecting and Preventing Unauthorized User Access: Instructions 1 day, 11 hours ago | www.reddit.com
access blueteamsec community instructions +2
Linux rootkits explained – Part 1: Dynamic linker hijacking, Part 2: Loadable kernel modules 1 day, 12 hours ago | www.reddit.com
blueteamsec dynamic explained hijacking +5
NSA Releases Guidance on the Visibility and Analytics Pillar of Zero Trust 1 day, 13 hours ago | www.reddit.com
analytics blueteamsec guidance nsa +4
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware 2 days ago | www.reddit.com
blueteamsec civil civil society latvia +6
How malware authors play with the LNK file format 2 days, 11 hours ago | www.reddit.com
authors blueteamsec file lnk +3
The Pumpkin Eclipse 2 days, 14 hours ago | www.reddit.com
blueteamsec eclipse pumpkin
The Best Way to Start with AWS Security Hub 2 days, 14 hours ago | www.reddit.com
aws aws security hub blueteamsec hub +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com