The hardest part of SOC work isn’t catching the incident, it’s knowing which alert deserves your full attention first when twenty are screaming at once. Nobody teaches you that in a course
Raw Sysmon =a firehouse of noise
Sysmon + SwiftOnSecurity config = curated telemetry with rule context in every event.This Event ID 13? The RuleName field already tells me what triggered it before I even read the details. Stop running Sysmon bare. The config is free on GitHub.
Raw Sysmon =a firehouse of noise
Sysmon + SwiftOnSecurity config = curated telemetry with rule context in every event.This Event ID 13? The RuleName field already tells me what triggered it before I even read the details. Stop running Sysmon bare. The config is free on GitHub.
Two years ago I googled “what does a soc analyst actually do.”Today I’m the one testing the tools before I post about them.Progress doesn’t feel like progress while it’s
happening. It only shows up when you look back far enough🤷
Two years ago I googled “what does a soc analyst actually do.”Today I’m the one testing the tools before I post about them.Progress doesn’t feel like progress while it’s
happening. It only shows up when you look back far enough🤷
Sysmon logs your whole endpoint except one thing, itself getting killed. One privileged command unloads the driver and your visibility goes dark, silently. That’s your real blind spot. Not something a course teaches. Something you learn from priest
Sysmon logs your whole endpoint except one thing, itself getting killed. One privileged command unloads the driver and your visibility goes dark, silently. That’s your real blind spot. Not something a course teaches. Something you learn from priest
As a SOC analyst, one of the most common breach attempts I see doesn’t touch a single vulnerability.
It’s just a job interview.
Here’s how it actually plays out 🧵
As a SOC analyst, one of the most common breach attempts I see doesn’t touch a single vulnerability.
It’s just a job interview.
Here’s how it actually plays out 🧵
If a meeting link changes last minute, verify it through a second channel before you click. Every time.
Has your team run into this one? Curious how others are training people to catch it.