
SOC w Praktyce: Analiza Platform (SOC in Practice: Platform Analysis)

Niebezpiecznik

  • Completion date 19 February 2026
  • Category Security
  • Format Online

Training description

  • SOC Platforms Terminology: An introduction to Security Operations Center concepts, explaining key acronyms and solutions like EDR, NDR, XDR, SIEM, and SOAR, as well as the differences between managed security services.
  • Data Ingestion: Exploring different methods of feeding data into SOC platforms, including files, network protocols (TCP/UDP, Syslog, Netflow), scripts, and APIs. It also compares Agent vs. Agentless approaches (e.g., using Splunk UF, Elastic Filebeat, or Wazuh Agent).
  • Searching and Transforming Data: Techniques for processing and querying the ingested security logs to find potential threats.
  • Scale: Addressing the challenges of scaling SOC operations and managing massive volumes of data efficiently.
  • Data Enrichment and SOAR: Enhancing security alerts with additional context and automating incident responses using Security Orchestration, Automation, and Response tools.
  • Incident Systems: Managing, tracking, and resolving detected security incidents.
  • Platform Comparison: A comparative overview of various SOC platforms available on the market.
  • Practical Labs: Two 20-minute hands-on laboratory sessions designed to apply the theoretical knowledge in practice.

Certificate

Certificate — SOC w Praktyce: Analiza Platform