Security Analyst Skill Development
Books to Read
- Blue Team Field Manual (BTFM)
- The Blue Team Handbook: SOC
- Practical Packet Analysis
Skills to Develop
- Log Analysis
  - Windows logs
  - Firewall logs
  - DNS logs
  - Proxy logs
  - Know how to read each log type
  - Understand common attacks against each and how they look in the logs
  - Know common Windows Event IDs
- Traffic Analysis
  - Wireshark
  - Zeek
  - Know how all the foundational protocols work and what they look like on the wire
  - Understand common traffic anomalies
  - Understand how to investigate problems
  - Understand how common network attacks work and what they look like in traffic
- SIEM
  - Know how a SIEM works
  - Know how to write queries
  - Know how to analyze ingested logs
  - Know how to correlate events
  - Know how to read and build dashboards
- IR - Event Triage
  - Know the IR process
  - Know common IoCs
  - Know common TTPs
  - Understand how to analyze various event types
- EDR Tools
  - CrowdStrike Falcon
  - Microsoft Defender for Endpoint
  - SentinelOne
Frameworks
- MITRE ATT&CK
- NIST IR (NIST SP 800-61)
- Cyber Kill Chain