SECOPS 12: SOC WMS and Automation Flashcards Preview


Flashcards in SECOPS 12: SOC WMS and Automation Deck (18)
1

WMS

Tags/IDs a security event, tracks it, and tracks the actions taken to deal with the event

2

Tool to orchestrate & automate IR process

WMS

3

WMS aka

SOAR

4

SOAR stands for

Security Orchestration, Automation and Response

5

System used to orchestrate and automate containment and eradication actions

WMS

6

Sequential workflow

Flow-chart style: a fixed, ordered set of steps, each leading to the next

7

State machine

Progresses from state to state; each event moves the incident to one of a defined set of next states

8

Rules-Driven

Rules dictate the process: conditions evaluated against the event decide the next action
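The three workflow models on cards 6 to 8 (sequential, state machine, rules-driven), as an added example that is not part of the original deck or of any Cisco product. The state names, the allowed transitions, the ticket fields and the rule set are assumptions chosen to mirror the IR lifecycle and SOC tiers described on this deck; a real WMS would carry its own.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    """Incident states, mirroring the IR lifecycle phases (assumed names)."""
    NEW = "new"
    TRIAGE = "triage"                # Tier 1 works the alert
    INVESTIGATION = "investigation"  # Tier 2 correlates and scopes
    CONTAINMENT = "containment"      # IR handler executes containment
    ERADICATION = "eradication"
    RECOVERY = "recovery"
    POST_INCIDENT = "post_incident"
    CLOSED = "closed"


# State machine: the only legal next states for each state. A ticket can
# only move along these edges, so a closed case cannot jump back to
# containment and nothing can skip straight from triage to recovery.
TRANSITIONS = {
    State.NEW: {State.TRIAGE},
    State.TRIAGE: {State.INVESTIGATION, State.CLOSED},      # close = false positive
    State.INVESTIGATION: {State.CONTAINMENT, State.CLOSED},
    State.CONTAINMENT: {State.ERADICATION},
    State.ERADICATION: {State.RECOVERY},
    State.RECOVERY: {State.POST_INCIDENT},
    State.POST_INCIDENT: {State.CLOSED},
    State.CLOSED: set(),
}


@dataclass
class Ticket:
    """The WMS record: an ID, the event's severity, current state, owner, audit trail."""
    ticket_id: str
    severity: str  # "low", "medium", "high" or "critical"
    state: State = State.NEW
    owner: str = "tier1"
    history: list = field(default_factory=list)

    def can_transition(self, new_state: State) -> bool:
        return new_state in TRANSITIONS[self.state]

    def transition(self, new_state: State, actor: str, note: str = "") -> "Ticket":
        if not self.can_transition(new_state):
            raise ValueError(
                f"{self.ticket_id}: {self.state.value} -> {new_state.value} is not allowed"
            )
        self.history.append((self.state.value, new_state.value, actor, note))
        self.state = new_state
        return self


# Sequential workflow: a fixed, ordered list of steps run one after the other.
SEQUENTIAL_PLAYBOOK = [
    (State.TRIAGE, "tier1"),
    (State.INVESTIGATION, "tier2"),
    (State.CONTAINMENT, "ir_handler"),
    (State.ERADICATION, "ir_handler"),
    (State.RECOVERY, "ir_handler"),
    (State.POST_INCIDENT, "ir_handler"),
    (State.CLOSED, "ir_handler"),
]


def run_sequential(ticket: Ticket, playbook=SEQUENTIAL_PLAYBOOK) -> Ticket:
    """Walk every step in order; the state machine still validates each edge."""
    for target, owner in playbook:
        ticket.transition(target, actor=owner, note="sequential playbook")
        ticket.owner = owner
    return ticket


# Rules-driven workflow: each rule is (condition, target state, new owner).
# Rules are evaluated in order against the ticket as it currently is, so a
# critical alert is auto-escalated through several states in one pass while a
# low-severity one stops at Tier 1 triage for a human decision.
RULES = [
    (lambda t: t.state == State.NEW, State.TRIAGE, "tier1"),
    (lambda t: t.state == State.TRIAGE and t.severity in ("high", "critical"),
     State.INVESTIGATION, "tier2"),
    (lambda t: t.state == State.INVESTIGATION and t.severity == "critical",
     State.CONTAINMENT, "ir_handler"),
]


def apply_rules(ticket: Ticket, rules=RULES) -> list:
    """Fire every matching rule; returns the states entered, in order."""
    entered = []
    for condition, target, owner in rules:
        if condition(ticket) and ticket.can_transition(target):
            ticket.transition(target, actor=f"rule:{owner}", note="auto")
            ticket.owner = owner
            entered.append(target)
    return entered
```

The point of keeping the transition table separate from both runners is that the sequential playbook and the rule engine are only allowed to move a ticket along edges the state machine permits; a misconfigured rule cannot, for example, close a case that was never triaged, and the history list gives the post-incident review an audit trail of who (or which rule) moved the case and when.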

9

Guides analysts through the triage and response procedure

Workflow

10

IR lifecycle (4)

Preparation
Detection and Analysis
Containment, Eradication, Recovery
Post incident activity

11

Tier 1 Analyst

Monitors alerts, triages security alerts, Collects data to escalate to Tier 2

12

Tier 2 Analyst

Deep investigation and analysis by correlating data. Determines impact. Advises on remediation.

13

IR Handler

Manages the incident. Executes containment. Handles communications.

14

Forensics specialists

Gathers and analyzes data for the investigation. Maintains data integrity (evidence handling and chain of custody).

15

Reverse engineering specialist

Identifies TTPs and IOCs. Writes signatures.

16

RESTful API

Used to send and receive data between tools over HTTP (e.g., between the WMS and a SIEM or ticketing system)

17

Command-line APIs

Often used for one-off integrations between the WMS and other systems

18

TAXII

Trusted Automated Exchange of Intelligence Information. Standardizes the automated exchange of threat intelligence (the transport protocol for STIX content).
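How a WMS would pull indicators over TAXII (card 18) using a RESTful API (card 16), as an added example that is not part of the original deck. It follows the TAXII 2.1 objects endpoint and paging envelope (`objects`, `more`, `next`); the server URL, the collection ID, the STIX object IDs and the two sample pages are constructed for this example, and the transport is injected so the logic runs offline against a stub.

```python
import json
import re
import urllib.parse
import urllib.request

TAXII_MEDIA = "application/taxii+json;version=2.1"

# Pulls "type:property = 'value'" comparisons out of a STIX pattern such as
# "[ipv4-addr:value = '198.51.100.7'] OR [file:hashes.'SHA-256' = '...']".
PATTERN_RE = re.compile(r"\[(?P<type>[\w-]+):(?P<prop>[\w.'\-]+)\s*=\s*'(?P<value>[^']*)'\]")


def http_fetch(url, headers, params, auth_header=None):
    """Real transport over urllib; returns (status, parsed JSON). Not used offline."""
    req = urllib.request.Request(f"{url}?{urllib.parse.urlencode(params)}", headers=headers)
    if auth_header:
        req.add_header("Authorization", auth_header)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, json.loads(resp.read().decode("utf-8"))


def poll_collection(fetch, api_root, collection_id, added_after=None, limit=100):
    """Page through a TAXII 2.1 collection's objects endpoint.

    TAXII 2.1 answers with an envelope {"objects": [...], "more": bool, "next": str};
    while "more" is true the client repeats the request with the "next" cursor.
    'fetch(url, headers, params) -> (status, dict)' is injected so this runs offline.
    """
    url = f"{api_root.rstrip('/')}/collections/{collection_id}/objects/"
    headers = {"Accept": TAXII_MEDIA}
    params = {"limit": limit}
    if added_after:
        params["added_after"] = added_after  # only objects added since the last poll
    objects = []
    while True:
        status, envelope = fetch(url, headers, params)
        if status != 200:
            raise RuntimeError(f"TAXII server returned HTTP {status} for {url}")
        objects.extend(envelope.get("objects", []))
        if not envelope.get("more") or not envelope.get("next"):
            return objects
        params = {**params, "next": envelope["next"]}


def indicators_to_iocs(objects):
    """Reduce STIX indicator objects to (observable type, value) pairs, skipping revoked ones."""
    iocs = []
    for obj in objects:
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        for m in PATTERN_RE.finditer(obj.get("pattern", "")):
            iocs.append((m.group("type"), m.group("value")))
    return iocs


# Constructed sample server: two pages from a fictitious collection (all IDs invented).
SAMPLE_PAGES = {
    None: {
        "more": True,
        "next": "cursor-2",
        "objects": [
            {"type": "indicator", "spec_version": "2.1",
             "id": "indicator--4d8f1a2e-0b3c-4e5f-8a9b-1c2d3e4f5a6b",
             "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
            {"type": "indicator", "spec_version": "2.1",
             "id": "indicator--7c6b5a4d-3e2f-4a1b-9c8d-0e1f2a3b4c5d",
             "pattern_type": "stix",
             "pattern": "[domain-name:value = 'update.example.invalid'] OR "
                        "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
        ],
    },
    "cursor-2": {
        "more": False,
        "objects": [
            {"type": "malware", "spec_version": "2.1",
             "id": "malware--0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d",
             "name": "sample loader", "is_family": False},
            {"type": "indicator", "spec_version": "2.1",
             "id": "indicator--9f8e7d6c-5b4a-4392-8170-6f5e4d3c2b1a", "revoked": True,
             "pattern_type": "stix", "pattern": "[url:value = 'http://old.example.invalid/x']"},
        ],
    },
}


def fake_fetch(url, headers, params):
    """Stub transport standing in for a TAXII server; serves SAMPLE_PAGES by cursor."""
    if headers.get("Accept") != TAXII_MEDIA:
        return 406, {}
    return 200, SAMPLE_PAGES[params.get("next")]


def demo():
    objects = poll_collection(fake_fetch, "https://taxii.example.invalid/api1",
                              "91a7b528-80eb-42ed-a74d-c6fbd5a26116",
                              added_after="2024-01-01T00:00:00Z")
    return indicators_to_iocs(objects)


if __name__ == "__main__":
    for ioc_type, value in demo():
        print(ioc_type, value)
```

Two practitioner details are built in: `added_after` keeps a scheduled poll incremental instead of re-downloading the whole collection, and revoked indicators are dropped before anything reaches a blocklist, since a feed that publishes a revocation expects consumers to honor it. To run against a real server, pass `http_fetch` (with an `Authorization` header value) in place of `fake_fetch`.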