SOC Technology

 

المرة الى فاتت أكلمنا عن أن الـ SOC عبارة عن مثلث لية 3 أضلاع مهمين جدا و أتكلمنا عن  ال   People النهاردة هنشوف ال Technology 

 

 

Security Operation Center Delivery Manager

لما نركز شوية هنلاقى ان الـ SOC لية 3 أضلاع مينفعش يبقى فيهم أى خلل وهما كالاتى:

People

Operation

Technology

تعالوا اوريكم الـ People  بيتمثل فى أية

 

SOC Part 4 "SOC major responsibilities are"

 

SOC major responsibilities are

• · Monitor, Analyze, Correlate & Escalate Intrusion Event
• · Develop Appropriate Responses, Protect, Detect, Respond
• · Conduct Incident Management and Forensic Investigation
• · Maintain Security Community Relationships
• · Assist in Crisis Operation

SOC Part 3 "SOC are Designed To"

 

SOC are Designed To

·         Protect mission critical data and assets
·         Prepare for and respond to cyber emergencies
·         Help provide countintinty and efficient recovery

Splunk SIEM Part 2

 أثناء مذاكرة الـ Splunk Fundamentals كان فى كذا معلومة حبيت أوضحها للناس المهتمة بالـ Soc 

أية Type Of Data الى بيتعامل معاها 

1. Computers 
2. Network Devices
3. Virtual Machines
4. Internet Devices
5. Communication Devices
6. Sensors
7. DataBases
8. Logs
9. Configurations
10. Messages
11. Call Detail Records 
12. Clickstream
13. Alerts
14. Metrics 
15. Scripts 
16. Change 
17. Tickets

و لما نيجى نبص على Deploy هنلاقى

1. Splunk Enterprise 
2. Splunk Cloud 
3. Splunk Light

و فى ال Solutions

• Splunk IT Services Intelligence 
• Splunk Enterprise Security 
• Splunk User Behavior Analytics

نيجى نبص Splunk Components 

• Indexer 
• Search Head
• Forwarder

IBM QRadar SIEM Part1

QRadar Capabilities

· Log Activity

· Network Activity

· Assets

· Offences

· Report

· Data Collection

QRadar Architect :

1. QRadar Console

2. QRadar Event Collector

3. QRadar Event Processor

4. QRadar QFlow Collector

5. QRadar Flow Processor

6. QRadar Data Node

7. QRadar App Host