Flashcards in SECOPS 10: SOC Playbook (Not needed for the exam) Deck (13)
Security analytics is accomplished by:
Collecting, correlating, and analyzing a wide range of data.
Blocks IP addresses in seconds
IAM security device has an unexpected feature...
self-contained, fully documented, prescriptive procedures for finding and responding to undesired activity
High Fidelity report
Guaranteed true positive. Not a policy violation.
Might be an infection, policy violation, or normal activity.
Anything less than 100% certainty is investigative.
Can INV reports become HF?
Yes, with tuning over time.
Play objective statement
Describes what a play is looking for and why it's worthwhile to run.
Basically a security system like a logging solution, SIEM, large data warehouse, etc.
Specific syntax used on a security system to identify reported activity
Actions to take during IR phase
Documentation and training material needed to understand the query
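As an added example, not part of this flashcard deck or of any vendor's playbook code, the Python below ties the cards together: one play with an objective statement, a data query, IR actions and references, run over a handful of constructed proxy log lines. It also shows the HF vs. INV distinction in code: the play starts as investigative, is tuned with an exclusion list so a known-benign update server stops producing hits, and is promoted to high fidelity only after analyst-reviewed runs show 100% true positives. The log format, hostnames and domains are all constructed for illustration, and a Python predicate stands in for the query syntax a real SIEM or log platform would use.

```python
"""Toy SOC playbook play (added example, not from the original deck)."""
import re
from dataclasses import dataclass, field, replace
from typing import Callable
from urllib.parse import urlparse

# Constructed proxy log lines: "<time> <src_host> <method> <url> <status>"
SAMPLE_LOGS = """
2024-05-01T09:00:01 ws-101 GET http://update.vendor.example/patch.exe 200
2024-05-01T09:00:05 ws-102 GET http://cdn.badsite.example/loader.exe 200
2024-05-01T09:01:10 ws-103 GET http://intranet.corp.example/index.html 200
2024-05-01T09:02:30 ws-101 GET http://update.vendor.example/patch2.exe 200
2024-05-01T09:03:00 ws-104 GET http://mirror.evil.example/stage2.exe 200
""".strip().splitlines()

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse(line):
    """Parse one constructed log line; malformed lines are skipped, not guessed at."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, host, method, url, status = m.groups()
    return {"ts": ts, "host": host, "method": method, "url": url, "status": int(status)}


@dataclass
class Play:
    play_id: str
    objective: str                   # what the play looks for and why it is worth running
    query: Callable[[dict], bool]    # the data query: a predicate stands in for SIEM syntax
    fidelity: str                    # "HF" (guaranteed true positive) or "INV" (needs review)
    actions: list                    # actions to take during the IR phase
    references: list                 # documentation needed to understand the query
    exclusions: set = field(default_factory=set)  # tuning: known-benign source domains

    def run(self, lines):
        """Return the records that match the query and are not excluded by tuning."""
        hits = []
        for line in lines:
            rec = parse(line)
            if rec is None or not self.query(rec):
                continue
            if urlparse(rec["url"]).hostname in self.exclusions:
                continue
            hits.append(rec)
        return hits


def exe_download(rec):
    """Query: successful HTTP GET of a Windows executable."""
    return rec["method"] == "GET" and rec["url"].lower().endswith(".exe") and rec["status"] == 200


exe_play = Play(
    play_id="INV-001",  # hypothetical identifier
    objective="Find hosts that fetched a .exe over HTTP; unexpected executable "
              "downloads are a common malware delivery path.",
    query=exe_download,
    fidelity="INV",  # hits may be infections, policy violations or normal activity
    actions=["Confirm the file hash with the endpoint agent", "Isolate the host if malicious"],
    references=["Proxy log field reference (constructed placeholder)"],
)


def tune(play, benign_domains):
    """Return a copy of the play with extra exclusions; the original is left unchanged."""
    return replace(play, exclusions=play.exclusions | set(benign_domains))


def promote_to_hf(play, reviewed_runs, min_runs=3):
    """Promote INV -> HF only when every reviewed hit across at least min_runs runs
    was a true positive. reviewed_runs is a list of (hits, true_positives) per run."""
    enough = len(reviewed_runs) >= min_runs
    all_true = all(hits == tp for hits, tp in reviewed_runs)
    if enough and all_true:
        return replace(play, fidelity="HF")
    return play


if __name__ == "__main__":
    for rec in exe_play.run(SAMPLE_LOGS):
        print(exe_play.play_id, exe_play.fidelity, rec["host"], rec["url"])
    tuned = tune(exe_play, ["update.vendor.example"])
    for rec in tuned.run(SAMPLE_LOGS):
        print(tuned.play_id, "after tuning", rec["host"], rec["url"])
```

Before tuning the play fires on the legitimate update server as well as the two suspicious domains; after the exclusion is added only the two suspicious hosts remain. The promotion helper encodes the rule on the cards that anything less than 100% certainty stays investigative: one false positive in the reviewed history, or too few reviewed runs, keeps the play at INV.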