Investigating Cyber Threats by Using the Firewall Logs

The network firewall has a strategic position that allows it to have insight and visibility into the traffic between different zones and subnets. As we discussed during the last chapter, a firewall providing useful log details allows you, as a SOC analyst and incident responder, to take advantage of the firewall position and log details to investigate cyber threats.

The objective of this chapter is to learn about a number of cyber threats, such as internal and external reconnaissance, lateral movement, command and control, exfiltration, and DoS attacks, and how to investigate them by using the firewall logs.
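As a concrete illustration of what "investigating with the firewall logs" looks like in practice, here is an added example (not code from the book or its author) that parses a small, constructed firewall connection log and applies three simple defender-side heuristics from the threat list above: internal reconnaissance (one source probing many ports on one host), lateral movement (one internal host reaching admin ports on many internal hosts), and exfiltration (large outbound byte counts to an external address). The log format, the 10.0.0.0/8 internal range, the admin-port set and every threshold are assumptions chosen for the example; real firewalls use their own field names and you would tune the thresholds to your baseline.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log (not from the book). One line per connection:
#   <timestamp> <action> src=<ip> dst=<ip> dport=<port> bytes=<bytes out>
SAMPLE_LOG = "\n".join(
    # 1) internal reconnaissance: 10.0.1.25 probes 15 ports on a single host
    [f"2024-01-10T09:00:{i:02d} deny src=10.0.1.25 dst=10.0.2.10 dport={20 + i} bytes=0"
     for i in range(15)]
    # 2) lateral movement: 10.0.1.40 reaches SMB on six different internal hosts
    + [f"2024-01-10T09:05:0{i} allow src=10.0.1.40 dst=10.0.3.{10 + i} dport=445 bytes=2048"
       for i in range(6)]
    # 3) exfiltration: 10.0.1.77 sends ~600 MB to an external address
    + ["2024-01-10T09:10:00 allow src=10.0.1.77 dst=203.0.113.9 dport=443 bytes=600000000"]
    # 4) benign background traffic for contrast
    + ["2024-01-10T09:11:00 allow src=10.0.1.12 dst=203.0.113.50 dport=443 bytes=120000"]
)

# Assumption: the organisation's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumption: ports whose use between workstations usually means remote admin.
ADMIN_PORTS = frozenset({22, 135, 139, 445, 3389, 5985})


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text: str) -> list[dict]:
    """Turn the key=value log lines into a list of event dicts."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:           # skip blank or malformed lines
            continue
        fields = dict(p.split("=", 1) for p in parts[2:])
        events.append({
            "ts": parts[0], "action": parts[1],
            "src": fields["src"], "dst": fields["dst"],
            "dport": int(fields["dport"]), "bytes": int(fields["bytes"]),
        })
    return events


def detect_port_scans(events: list[dict], min_ports: int = 10) -> dict:
    """Reconnaissance: (src, dst) pairs touching at least min_ports distinct ports."""
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["dst"])].add(e["dport"])
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def detect_lateral_movement(events: list[dict], min_hosts: int = 5) -> dict:
    """Lateral movement: internal sources allowed to admin ports on many internal hosts."""
    hosts = defaultdict(set)
    for e in events:
        if (e["action"] == "allow" and e["dport"] in ADMIN_PORTS
                and is_internal(e["src"]) and is_internal(e["dst"])):
            hosts[e["src"]].add(e["dst"])
    return {src: len(h) for src, h in hosts.items() if len(h) >= min_hosts}


def detect_exfiltration(events: list[dict], byte_threshold: int = 500 * 1024 * 1024) -> dict:
    """Exfiltration: internal sources whose total bytes to external hosts exceed the threshold."""
    outbound = defaultdict(int)
    for e in events:
        if e["action"] == "allow" and is_internal(e["src"]) and not is_internal(e["dst"]):
            outbound[e["src"]] += e["bytes"]
    return {src: b for src, b in outbound.items() if b >= byte_threshold}


def investigate(text: str) -> dict:
    """Run all three heuristics over a raw log and return the findings by category."""
    events = parse_log(text)
    return {
        "port_scans": detect_port_scans(events),
        "lateral_movement": detect_lateral_movement(events),
        "exfiltration": detect_exfiltration(events),
    }


if __name__ == "__main__":
    for category, hits in investigate(SAMPLE_LOG).items():
        print(f"{category}: {hits}")
```

Each detector keys on a field a typical firewall log already carries (action, source, destination, port, bytes), which is why the firewall's position between zones makes it such a useful vantage point for these investigations; the same functions would run unchanged over a day of real events once the parser is adapted to the vendor's format.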

In this chapter, we're going to cover the following main topics:

  • Investigating ...

Get Effective Threat Investigation for SOC Analysts now with the O’Reilly learning platform.
