Null Bhubaneswar , profile picture
Uploaded byNull Bhubaneswar
PPTX, PDF1,079 views

Blue Team

The document discusses blue teams and the role of SOC analysts. It defines a blue team as a company's cybersecurity employees housed in a SOC, made up of highly skilled analysts who work to defend and improve organizational defenses. Different roles in a blue team are outlined, including SOC analysts, threat hunting, threat intelligence, malware analysis, and digital forensics. The responsibilities of an entry-level SOC analyst are described, along with common SIEM tools and example event types monitored. Finally, it suggests ways for SOC analysts to learn and grow in their careers.

Technology
Related topics:
Blue Team

Embed presentation

Downloaded 18 times
Blue Team Sabyasachi Sahoo SOC L1
Agenda • What is blue team • Why company Need blue team Member’s • Basic of Soc • Where to learn and Grow 20XX 2
20XX 3
Introduction Presentation title A blue team is a company's own cybersecurity employees, which is usually housed in a Security Operations Centre (SOC). The SOC is made up of highly skilled analysts who work around the clock to defend and improve their organization's defenses. 20XX 4
All Blue Teams are defenders, but not all defenders are part of a Blue Team.
The blue team's methods include: Presentation title 20XX 6
DAMAGES VS ATTACKER’S
Different Teams in Blue Team IN MNC SOC Analyst[L1,L2,L3] Threat Hunting Threat inteiligence Malware Analyst  OSINT Investigator DFIR
SOC OVERVIEW • Level 1 SOC Analyst is an operational role, focusing on real time security event monitoring and security incident investigation. As a Level 1 SOC Analyst you will actively monitor security threats and risks involving customers’ infrastructure. More specifically, the key responsibilities are the following: • continuously monitors the security alerts queue • triages security alerts • monitors health of customer security sensors and SIEM infrastructure • collects data and context necessary to initiate Level 2 escalation • delivers scheduled and ad-hoc reports • works closely with Level 2 & Level 3 team towards the continuous improvement of the service • Job Schedule: 24x7 shift environment
SOC analyst career path
SEIM TOOLS • SIEM stands for Security Information and Event Management. SIEM tools provide real-time analysis of security alerts generated by applications and network hardware. LogRhythm NextGen SIEM • MIcro Focus ArcSight ESM Solar Winds Threat Monitor Splunk Enterprise Security IBM QRadar Elk
EVENT TYPE • 4624=Successful Logon • 4625=logon Failed • 4672=Special privileges assigned to new logon • 4771= Kerberos pre- authentication failed. • 4726= A user account was deleted. • 4956= Windows Firewall has changed the active profile.
How to check reputation of any Ip and URL
Where to learn and grow
Blue Team
Blue Team

More Related Content

PPTX
Red Team vs. Blue Team
byEC-Council
 
PPTX
Introduction to SOC
byBoni Yeamin
 
PPTX
Red team and blue team in ethical hacking
byVikram Khanna
 
PPTX
Intrusion detection
byUmesh Dhital
 
PPTX
Hunting for APT in network logs workshop presentation
byOlehLevytskyi1
 
PDF
Noah Maina: Computer Emergency Response Team (CERT)
byHamisi Kibonde
 
PDF
Introduction IDS
byHitesh Mohapatra
 
PPTX
Check Mates Maestro under the hood 2022.pptx
byDzung Dang Chi
 
Red Team vs. Blue Team
byEC-Council
 
Introduction to SOC
byBoni Yeamin
 
Red team and blue team in ethical hacking
byVikram Khanna
 
Intrusion detection
byUmesh Dhital
 
Hunting for APT in network logs workshop presentation
byOlehLevytskyi1
 
Noah Maina: Computer Emergency Response Team (CERT)
byHamisi Kibonde
 
Introduction IDS
byHitesh Mohapatra
 
Check Mates Maestro under the hood 2022.pptx
byDzung Dang Chi
 

What's hot

PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PPTX
SOAR and SIEM.pptx
byAjit Wadhawan
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PPTX
Introduction to SIEM.pptx
byneoalt
 
PPTX
Soc
byMukesh Chaudhari
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PPTX
MITRE ATT&CK framework
byBhushan Gurav
 
PDF
SIEM Architecture
byNishanth Kumar Pathi
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PPTX
SIEM - Activating Defense through Response by Ankur Vats
byOWASP Delhi
 
PDF
Cyber Threat Intelligence
byZaiffiEhsan
 
PPTX
Red team Engagement
byIndranil Banerjee
 
PDF
Web security uploadv1
bySetia Juli Irzal Ismail
 
PDF
Strategy considerations for building a security operations center
byCMR WORLD TECH
 
PPTX
Threat Hunting with Splunk
bySplunk
 
PDF
Vulnerability Management
byasherad
 
PDF
Building an InfoSec RedTeam
byDan Vasile
 
PPTX
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
SOAR and SIEM.pptx
byAjit Wadhawan
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
Introduction to SIEM.pptx
byneoalt
 
Soc
byMukesh Chaudhari
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
MITRE ATT&CK framework
byBhushan Gurav
 
SIEM Architecture
byNishanth Kumar Pathi
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
SIEM - Activating Defense through Response by Ankur Vats
byOWASP Delhi
 
Cyber Threat Intelligence
byZaiffiEhsan
 
Red team Engagement
byIndranil Banerjee
 
Web security uploadv1
bySetia Juli Irzal Ismail
 
Strategy considerations for building a security operations center
byCMR WORLD TECH
 
Threat Hunting with Splunk
bySplunk
 
Vulnerability Management
byasherad
 
Building an InfoSec RedTeam
byDan Vasile
 
Getting started with using the Dark Web for OSINT investigations
byOlakanmi Oluwole
 

Similar to Blue Team

PDF
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
PPTX
Security operation center (SOC)
byAhmed Ayman
 
PDF
SOC Analyst Interview Questions & Answers.pdf
byinfosec train
 
PPTX
Security Operations Center Analyst Presentation
bykundansaraf1
 
PDF
𝐔𝐥𝐭𝐢𝐦𝐚𝐭𝐞 𝐒𝐎𝐂 𝐂𝐚𝐫𝐞𝐞𝐫 𝐆𝐮𝐢𝐝𝐞!
byMansi Kandari
 
PDF
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
byInfosecTrain Education
 
PDF
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
byinfosecTrain
 
PDF
Best SOC Career Guide InfosecTrain .pdf
byinfosec train
 
PDF
Make Career As Security Operations Center (SOC) Analyst - IISecurity
byInstitute of Information Security
 
PDF
The Ultimate Security Operations Center Career Guide
bypriyanshamadhwal2
 
PPTX
A Deeper Dive into SOC Operations and Roles
bywininlifeacademy5
 
PDF
Different SOC Career Opportunities 2025.pdf
byinfosec train
 
PDF
Skill Set Needed to work successfully in a SOC
byFuad Khan
 
PDF
Exploring the SOC Career Pathway in 2025.pdf
byinfosecTrain
 
PDF
𝐄𝐱𝐩𝐥𝐨𝐫𝐢𝐧𝐠 𝐭𝐡𝐞 𝐒𝐎𝐂 𝐂𝐚𝐫𝐞𝐞𝐫 𝐏𝐚𝐭𝐡𝐰𝐚𝐲 𝐢𝐧 𝟐𝟎𝟐𝟓: 𝐘𝐨𝐮𝐫 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐉𝐨𝐮𝐫𝐧𝐞𝐲 𝐒𝐭𝐚𝐫𝐭𝐬 𝐇...
byMansi Kandari
 
PDF
Different SOC Career Opportunities by InfosecTrain
bypriyanshamadhwal2
 
PDF
The Security Operations Centre Career Pathways in 2025
byInfosecTrain
 
PPTX
SOC Duties and Training Needs
byAmin Asia
 
PDF
Unlock Your Ultimate SOC Career Guide - Infosectrain
byinfosecTrain
 
PPTX
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
byhforhassan101
 
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
Security operation center (SOC)
byAhmed Ayman
 
SOC Analyst Interview Questions & Answers.pdf
byinfosec train
 
Security Operations Center Analyst Presentation
bykundansaraf1
 
𝐔𝐥𝐭𝐢𝐦𝐚𝐭𝐞 𝐒𝐎𝐂 𝐂𝐚𝐫𝐞𝐞𝐫 𝐆𝐮𝐢𝐝𝐞!
byMansi Kandari
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
byInfosecTrain Education
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
byinfosecTrain
 
Best SOC Career Guide InfosecTrain .pdf
byinfosec train
 
Make Career As Security Operations Center (SOC) Analyst - IISecurity
byInstitute of Information Security
 
The Ultimate Security Operations Center Career Guide
bypriyanshamadhwal2
 
A Deeper Dive into SOC Operations and Roles
bywininlifeacademy5
 
Different SOC Career Opportunities 2025.pdf
byinfosec train
 
Skill Set Needed to work successfully in a SOC
byFuad Khan
 
Exploring the SOC Career Pathway in 2025.pdf
byinfosecTrain
 
𝐄𝐱𝐩𝐥𝐨𝐫𝐢𝐧𝐠 𝐭𝐡𝐞 𝐒𝐎𝐂 𝐂𝐚𝐫𝐞𝐞𝐫 𝐏𝐚𝐭𝐡𝐰𝐚𝐲 𝐢𝐧 𝟐𝟎𝟐𝟓: 𝐘𝐨𝐮𝐫 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐉𝐨𝐮𝐫𝐧𝐞𝐲 𝐒𝐭𝐚𝐫𝐭𝐬 𝐇...
byMansi Kandari
 
Different SOC Career Opportunities by InfosecTrain
bypriyanshamadhwal2
 
The Security Operations Centre Career Pathways in 2025
byInfosecTrain
 
SOC Duties and Training Needs
byAmin Asia
 
Unlock Your Ultimate SOC Career Guide - Infosectrain
byinfosecTrain
 
SAL-DR-01-ELC 10 Understanding the SOC Audience.pptx
byhforhassan101
 

More from Null Bhubaneswar

PDF
WAF 101
byNull Bhubaneswar
 
PPTX
OWASP TOP 10 VULNERABILITIS
byNull Bhubaneswar
 
PPTX
Saying Hello to Bug Bounty
byNull Bhubaneswar
 
PPTX
Lightweight static code analysis with semgrep
byNull Bhubaneswar
 
PPTX
Intro to Reverse Engineering
byNull Bhubaneswar
 
PPTX
Online Financial Fraud
byNull Bhubaneswar
 
PDF
BurpSuiteOverview
byNull Bhubaneswar
 
PPTX
Information Security 101
byNull Bhubaneswar
 
PPTX
how_to_get_into_infosec
byNull Bhubaneswar
 
PPTX
Online_financial_fraud Episode 2
byNull Bhubaneswar
 
PPTX
Information Security 201
byNull Bhubaneswar
 
PPTX
Cloud_PT
byNull Bhubaneswar
 
PPTX
Introduction_to_Cloud
byNull Bhubaneswar
 
PPTX
Online_financial_fraud3
byNull Bhubaneswar
 
PPTX
Linux Basic Commands
byNull Bhubaneswar
 
PPTX
Web App Pen Test
byNull Bhubaneswar
 
WAF 101
byNull Bhubaneswar
 
OWASP TOP 10 VULNERABILITIS
byNull Bhubaneswar
 
Saying Hello to Bug Bounty
byNull Bhubaneswar
 
Lightweight static code analysis with semgrep
byNull Bhubaneswar
 
Intro to Reverse Engineering
byNull Bhubaneswar
 
Online Financial Fraud
byNull Bhubaneswar
 
BurpSuiteOverview
byNull Bhubaneswar
 
Information Security 101
byNull Bhubaneswar
 
how_to_get_into_infosec
byNull Bhubaneswar
 
Online_financial_fraud Episode 2
byNull Bhubaneswar
 
Information Security 201
byNull Bhubaneswar
 
Cloud_PT
byNull Bhubaneswar
 
Introduction_to_Cloud
byNull Bhubaneswar
 
Online_financial_fraud3
byNull Bhubaneswar
 
Linux Basic Commands
byNull Bhubaneswar
 
Web App Pen Test
byNull Bhubaneswar
 

Recently uploaded

PDF
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
PDF
AI Driven & AI Native Development AI native development
byZainKarim7
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PDF
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PDF
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
PDF
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PDF
IAI-Unit1-notes useful.............................
bydinesh620610
 
PPT
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
PPTX
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
PPTX
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PDF
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
PDF
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
DOCX
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
PDF
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
AI Driven & AI Native Development AI native development
byZainKarim7
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
IAI-Unit1-notes useful.............................
bydinesh620610
 
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 

Blue Team

  • 1.
  • 2.
    Agenda • What isblue team • Why company Need blue team Member’s • Basic of Soc • Where to learn and Grow 20XX 2
  • 3.
  • 4.
    Introduction Presentation title A blueteam is a company's own cybersecurity employees, which is usually housed in a Security Operations Centre (SOC). The SOC is made up of highly skilled analysts who work around the clock to defend and improve their organization's defenses. 20XX 4
  • 5.
    All Blue Teamsare defenders, but not all defenders are part of a Blue Team.
  • 6.
    The blue team'smethods include: Presentation title 20XX 6
  • 7.
  • 8.
    Different Teams inBlue Team IN MNC SOC Analyst[L1,L2,L3] Threat Hunting Threat inteiligence Malware Analyst  OSINT Investigator DFIR
  • 9.
    SOC OVERVIEW • Level1 SOC Analyst is an operational role, focusing on real time security event monitoring and security incident investigation. As a Level 1 SOC Analyst you will actively monitor security threats and risks involving customers’ infrastructure. More specifically, the key responsibilities are the following: • continuously monitors the security alerts queue • triages security alerts • monitors health of customer security sensors and SIEM infrastructure • collects data and context necessary to initiate Level 2 escalation • delivers scheduled and ad-hoc reports • works closely with Level 2 & Level 3 team towards the continuous improvement of the service • Job Schedule: 24x7 shift environment
  • 10.
  • 11.
    SEIM TOOLS • SIEMstands for Security Information and Event Management. SIEM tools provide real-time analysis of security alerts generated by applications and network hardware. LogRhythm NextGen SIEM • MIcro Focus ArcSight ESM Solar Winds Threat Monitor Splunk Enterprise Security IBM QRadar Elk
  • 12.
    EVENT TYPE • 4624=SuccessfulLogon • 4625=logon Failed • 4672=Special privileges assigned to new logon • 4771= Kerberos pre- authentication failed. • 4726= A user account was deleted. • 4956= Windows Firewall has changed the active profile.
  • 13.
    How to checkreputation of any Ip and URL
  • 16.