Cyber Security Self Introduction

 Self introduction:

Myself (Yourname) Currently working in (Your company name) as a 

security analyst from the last (Your Experience)

In this organization I am handling the roles and responsibilities like Incidents monitoring and analyzing part by using the siem tools like Microsoft sentinel, Ibm qradar, Micro Focus Arcsight, DLP tool forcepoint, Microsoft EDR

After analyzing the incidents we raise tickets in the ticketing tool for the appropriate team to remediate. 

Maintaining the incident tracker, and daily report. 

As well as participating in daily and weekly calls with vendors.

Reporting the siem health checkup. 

SIEM Analyst for log & event analysis, incident investigation, reporting, remediation and also develop


• Worked on Multiple SIEM tools like QRadar, sentinel, Archsight Was Responsible for complete detailed analysis in SIEM tools to provide the clear picture of incident to the customer.


Having an experience in creating Security Threat advisory for the latest cyber-attacks and providing all the IOC's(Indicators of compromise) if exists to make sure the client is safe from the ongoing global threats.

Capable of performing threat research from and collecting IOC’s and attack vectors on various intelligence sources.

• Create customized Daily/Weekly/Monthly reports and share with the relevant stakeholders.


Responsible for analyzing ￾firewall, IDS and Proxy logs to detect any possible attack such as SQL injection, Port scanning etc.

Responsible for proactively alerting the customer for tracking of any malicious activity observed on the customer network by monitoring Network/Endpoint devices.

Having experience in performing various Administration tasks like: adding log sources, configuring various threat intelligence applications to SIEM, Troubleshooting, defining user roles, adding new users, SIEM health check-up, license management.

• Responsible for handling security incidents escalated from L1 Analysts.

Run root cause analysis and post incident reviews working with the client to identify and plan improvements.

Able to Collect, Consume and Analyses data from the various Cyber Threat Intelligence Sources like Virus total, Cisco Talos which helps in providing the information about the incidents in much larger,wider and clearer way

Comments

Post a Comment

Popular posts from this blog

Brute force attack investigation

  Responsibility Index Phase Responsibility      Identification L1 Analyst:- GSOC Monitoring Team      Investigation  L2 Analyst:-This includes individuals from Network Team/GSOC Containment L2 Analyst: -  This includes individuals from Network Team/ Server team          Remediation L2 Analyst:-This includes Network Team/Server Team/GSOC Recovery L2 Analyst:-This includes Network Team/Server Team/GSOC Brute Force attack Procedure Identification Stage Stage Source Identification Brute Force incident is reported by  Network Team Incident/If the alert is raised by the SIEM Investigating Stage Stage Actions by Respective Team Investigation Security team checks If the Brute Force attack is identified and an alert generated via SIEM below parameters are considered for investigating: Source addresses of the attempts Firewall Action Investigating Destination on which brute force attem...
Read more

Which tools and software do we need?

 We will need some software when applying the dynamic analysis method. Let's take a look at these software categories. Virtualization Software We do not want to conduct dynamic analysis on our own system as we need to run the malware to be able to examine its activities. For this reason, we should make use of Virtualization Software that helps us work on some virtual systems. Thanks to these software, you can use a different operating system on your host operating system. If they are configured properly, you can perform your analysis safely, as malicious software cannot escape from this virtual operating system. It is useful to make a small note here on these virtualization software. Since these virtualization environments are essentially software, various vulnerabilities that allow malwares to escape out of these virtual environments and allow code executions on the host operating system may occur on these environments. For this reason, It is crucial to keep your virtualization so...
Read more

Packet drafting for IDS_IPS

 Table of contents Introduction Scapy-Overview Snort-Rule References Introduction In this article will demonstrate how we can generate packet that can test/trigger rule in Snort or Suricata using Scapy. Scapy is a packet manipulation tool for computer networks, originally written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery. Scapy Overview To run Scapy write scapy in your linux terminal as following: ┌──(kali㉿kali)-[~] └─$ sudo scapy [sudo] password for kali:                                                              aSPY//YASa                     apyyyyCY//////////YCa  ...
Read more