all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Security Analysis 101: IPs, Domains, OSINT, IOCs, Oh my! — why we can’t always trust what we see and hear

Add to bookmarks
Oct. 27, 2023, 6:17 a.m. | /u/thattechkitten

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Wrote a new article quickly tonight to help the SOC I manage. Had some people mass closing out alerts based on clean IPs among some other things so I started a new series talking about some common things and ways to confirm activity in logs.
Let me know what you all think! Hopefully it also helps you if you are new to this.
https://medium.com/@truvis.thornton/security-analysis-101-ips-domains-osint-iocs-oh-my-2ae670250fe1

alerts analysis article blueteamsec domains iocs ips manage osint people quickly security security analysis series soc talking things trust

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

hunt_arcanedoor_ips.csv: Full IP list to check against your ASA/Flow logs for the ArcaneDoor Cisco ASA … 20 hours ago | www.reddit.com
arcanedoor asa blueteamsec check +8
CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox 21 hours ago | www.reddit.com
blueteamsec cve cve-2024 escalation +7
How I hacked into Google’s internal corporate assets [tl;dr: dependency confusion] 1 day, 1 hour ago | www.reddit.com
assets blueteamsec corporate dependency +4
here's my blog on Phishing Email Investigation: A Step-by-Step Analysis 1 day, 5 hours ago | www.reddit.com
analysis blog blueteamsec email +2
(The) Postman Carries Lots of Secrets - "We estimate over 4,000 live credentials are currently … 1 day, 9 hours ago | www.reddit.com
blueteamsec cloud credentials live +4
Botconf 2024 videos 1 day, 9 hours ago | www.reddit.com
blueteamsec botconf videos
Hunting for a Sliver in a haystack 1 day, 21 hours ago | www.reddit.com
blueteamsec haystack hunting sliver
Nation-State Threat Actors Renew Publications to npm 2 days, 2 hours ago | www.reddit.com
blueteamsec nation npm publications +3
Guidance for Incident Responders 2 days, 5 hours ago | www.reddit.com
blueteamsec guidance incident incident responders

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Principal Security Analyst - Threat Labs (Position located in India) (Remote)

@ KnowBe4, Inc. | Kochi, India
View on infosec-jobs.com

Cyber Security - Cloud Security and Security Architecture - Manager - Multiple Positions - 1500860

@ EY | Dallas, TX, US, 75219
View on infosec-jobs.com

Enterprise Security Architect (Intermediate)

@ Federal Reserve System | Remote - Virginia
View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com

Vulnerability Management Team Lead - North Central region (Remote)

@ GuidePoint Security LLC | Remote in the United States
View on infosec-jobs.com
View more jobs