13

Investigating Network Flows and Security Solutions Alerts

In most digital networks, network devices such as routers generate flow records, and security solutions generate security alerts. Both kinds of data are useful for detecting and investigating a variety of cyber threats. As a SOC analyst, you should be aware of, and take advantage of, the flow metadata provided by network devices such as routers and layer 3 switches, as well as the alerts generated by security solutions such as Antivirus (AV), Endpoint Detection and Response (EDR), an Intrusion Prevention System (IPS), an Intrusion Detection System (IDS), a network sandbox, and a network AV.

The objective of this chapter is to learn how to detect and investigate cyber threats by utilizing ...
