Articles tagged with: #soar
Fusion SOAR

CrowdStrike www.reddit.com

Is it just me, and I am just too dense and cannot understand basic functions, or does Fusion SOAR just seem clunky? I am by no means a DevOps or API wizard, but trying to do anything in there is just convoluted and confusing. I have been struggling for the past couple of days just making a simple API call. Is there some good guidance on this I can read up on somewhere, or some community templates I can build off of? All I can find are the CrowdStrike-provided templates, which is kind of disappointing...

Yara Scans Using CrowdStrike SOAR - Fully operational all inside the console.

CrowdStrike www.reddit.com

Hi all. If you need to run Yara on your hosts, I got your solution. Full guide and files can be downloaded from here - https://limewire.com/d/nebib#42OphHW98T
Explanation of how the workflow works:
- Run the on-demand workflow; you will only need to insert the "TargetScanPath" - where you want Yara to run the scan.
- Using a device query, we declare which host groups we want to run the scan on.
- Scripts that start to run on each host:
  - 1st we create the yara_rule.yar file, your Yara rule...
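
As an added example that is not part of the post's downloadable files, here is the host-side piece of such a workflow in Python: it stages the rule file, runs the yara CLI against TargetScanPath, and turns the output into a report the workflow can branch on. It assumes the yara binary is on the host; the rule text and the yara output used below are constructed samples, and the function names are my own.

```python
"""Host-side step of a YARA scan workflow: stage the rule, run yara, report matches.

Added example, not the poster's files. Assumes the yara CLI is installed on the
host and that the workflow passes TargetScanPath as the first argument.
"""
import json
import os
import shutil
import socket
import subprocess
import sys
import tempfile
from typing import Dict, List

# Constructed sample rule standing in for whatever the operator supplies.
SAMPLE_RULE = r'''rule Suspicious_PowerShell_Download
{
    meta:
        description = "Constructed example: download cradle in a script"
    strings:
        $client = "Net.WebClient" ascii wide nocase
        $method = "DownloadString" ascii wide nocase
    condition:
        all of them
}
'''

# Constructed sample of what `yara -r` prints: one "<rule> <path>" line per hit.
SAMPLE_YARA_OUTPUT = (
    "Suspicious_PowerShell_Download /tmp/scan/payload.ps1\n"
    "Suspicious_PowerShell_Download /tmp/scan/with space.txt\n"
)


def stage_rule(rule_text: str, name: str = "yara_rule.yar") -> str:
    """Write the rule into a fresh temp directory and return its path."""
    path = os.path.join(tempfile.mkdtemp(prefix="yara_"), name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(rule_text)
    return path


def parse_yara_output(output: str) -> List[Dict[str, str]]:
    """Parse yara CLI output into {'rule', 'path'} records.

    Paths may contain spaces, so split on the first space only. Lines that
    start with '0x' are string-offset details (printed with -s) and are skipped.
    """
    matches = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("0x"):
            continue
        rule, _, path = line.partition(" ")
        if path:
            matches.append({"rule": rule, "path": path})
    return matches


def run_yara(rule_path: str, target_path: str, yara_bin: str = "yara") -> List[Dict[str, str]]:
    """Run `yara -r <rule> <target>` and return the parsed matches.

    yara exits 0 whether or not anything matched, so a non-zero exit code is a
    real error (bad rule, unreadable path) and is raised rather than returned as
    an empty, falsely clean result.
    """
    if shutil.which(yara_bin) is None:
        raise FileNotFoundError(f"{yara_bin} is not on PATH")
    proc = subprocess.run(
        [yara_bin, "-r", rule_path, target_path],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode != 0:
        raise RuntimeError(f"yara failed: {proc.stderr.strip()}")
    return parse_yara_output(proc.stdout)


def build_report(hostname: str, target_path: str, matches: List[Dict[str, str]]) -> Dict:
    """Shape the result so the workflow can branch on match_count and store the rest."""
    return {
        "hostname": hostname,
        "target_scan_path": target_path,
        "match_count": len(matches),
        "matches": matches,
    }


if __name__ == "__main__":
    # Usage: python yara_scan.py <TargetScanPath>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    rule_file = stage_rule(SAMPLE_RULE)
    try:
        hits = run_yara(rule_file, target)
    except (FileNotFoundError, RuntimeError) as exc:
        print(json.dumps({"error": str(exc)}))
        sys.exit(1)
    print(json.dumps(build_report(socket.gethostname(), target, hits), indent=2))
```

The distinction between "no matches" (exit 0, empty output) and "yara could not run" (missing binary, bad rule, unreadable path) is the part worth keeping when wiring this into a workflow: the latter should fail the workflow run, not be recorded as a clean host.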

FortiSIEM 7.4

cybersecurity www.reddit.com

Anyone tried FortiSIEM, specifically the 7.4 release? The reason I am asking about this specific version is ... it brought another level to the SaaS flavour of the product, making it pretty much the same as the on-prem version, and bringing in embedded SOAR-like capabilities. However, because it is a (relatively) new release, I can't yet determine its pros and cons. I have a hybrid infrastructure mixing cloud and on-prem from multiple vendors, and I am trying to determine which SIEM would make the...

SOC T1 Become T2 DFIR or Malware

cybersecurity www.reddit.com

Hi everyone, I have been working as a SOC T1 for the past 2 months. Before that, I worked as a SOC Engineer for about a year, mainly dealing with SIEM, SOAR, and different SOC tools (configurations, deployments, etc.). Right now, I want to move up to SOC T2, but I'm not sure what exact path I should take. I'm currently interested in DFIR and Malware Analysis, but I don't know which one I should focus on (I don't mind choosing only one if needed). My main questions are: What topics and...

How do you know when it's time to leave SOC?

cybersecurity www.reddit.com

Looking for some honest advice here. I'm currently a SOC analyst at an MSSP with about 1+ yr of experience (started as an "intern" but basically did the same work as full-timers for less pay). Current situation: I spend 12-14 hours a day at work closing/escalating tickets, 99% of which are false positives. Our team is based out of 2 locations; the security engineering team is at a different location, and analysts there get way more opportunities for rule tuning, automation projects, SOAR and actual...

Moving away from Operations

cybersecurity www.reddit.com

I am a SOC analyst at an MDR provider, currently an L1/junior. I have done 6 months of internship and have been a full-time analyst for 14 months now. I have learnt SOAR, developed some mid-range playbooks and, using LLMs, modified response action scripts to suit our needs better. Now there is a requirement for a full-time implementation engineer for SOAR and they are considering me as well for that; over the year I developed my skills enough to do decent investigations, threat hunts...