TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Black Hills InfoSec

Clear, Concise, and Comprehensive: The Formula for Great SOC Tickets

BHIS · 2024-10-17

ATT&CK techniques detected (3 predictions)

T1558.003 · Kerberoasting · 79%
“checks on soc tickets is that analysts will sometimes think either too broadly or too specifically about the alert they are working on. there is a middle ground to be had. if you think too broadly, you may be looking across weeks and months of logs, looking at unrelated activity, …”

T1558.003 · Kerberoasting · 50%
“good example is if during your investigation you discover that the alerting activity was blocked by a security control. that should not mean the ticket gets closed out and we move on. in a real attack scenario, the attacker isn’t going to shrug and say, “well you got me,” and …”

T1558 · Steal or Forge Kerberos Tickets · 31%
“good example is if during your investigation you discover that the alerting activity was blocked by a security control. that should not mean the ticket gets closed out and we move on. in a real attack scenario, the attacker isn’t going to shrug and say, “well you got me,” and …”

Summary

A lot of emphasis and focus is put on the investigative part of SOC work, with the documentation and less glamorous side of things brushed under the rug. One such […]
