Gerald Auger, PhD

SOC Analyst Tools on a Budget

Responsible for IT and #cybersecurity at your work?


I’ve had to wear many ‘hats’ 🤠 in my 20-year cyber career, including defending, and speed is essential.



Check out these 5 SOC Analyst web-based tools that will LEVEL UP your SOC game and help you move faster on detecting ‘bad’ 👇



[1] Virustotal https://www.virustotal.com/

OG tool on the Interwebs. Drop a file, hash, or URL up here and quickly get a report back on what services are saying about its level of ‘bad’. This is OG, but shouldn’t be your only tool. I find the results can have mixed benefit.
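To show the hash-first workflow in practice, here is an added example (not from the original post): hash the sample locally, look the hash up via the VirusTotal v3 API, and reduce the engine stats to a triage verdict. The `min_engines` threshold and the sample report are assumptions of mine, not VirusTotal’s.

```python
"""Hash-first VirusTotal triage helper (added example, not from the original post)."""
import hashlib
import json
import os
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_of_bytes(data: bytes) -> str:
    """Hash the sample locally: look up the hash first, so an unknown or
    sensitive file is not uploaded to a third party unless you choose to."""
    return hashlib.sha256(data).hexdigest()


def summarize_vt_report(report: dict, min_engines: int = 5) -> dict:
    """Reduce a VT v3 /files/{hash} report to a triage verdict.
    last_analysis_stats is the real v3 field; the threshold is a local policy
    choice (assumption), since a handful of engine hits alone is weak evidence."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(stats.values())
    if flagged == 0:
        verdict = "clean-by-vt"
    elif flagged >= min_engines:
        verdict = "likely-malicious"
    else:
        verdict = "inconclusive"  # mixed results: pivot to a sandbox or another tool
    return {"flagged": flagged, "total": total, "verdict": verdict}


def lookup_hash(sha256: str, api_key: str) -> dict:
    """GET the report by hash (v3 API, x-apikey header). An HTTP 404 means VT has
    never seen the file, which is itself worth noting for a fresh sample."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


# Constructed sample response shaped like a VT v3 files report (not real data).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "undetected": 60, "harmless": 0, "timeout": 1}}}}

if __name__ == "__main__":
    digest = sha256_of_bytes(b"constructed sample bytes")
    print("sha256:", digest)
    key = os.environ.get("VT_API_KEY")  # only hit the network when a key is set
    report = lookup_hash(digest, key) if key else SAMPLE_REPORT
    print(summarize_vt_report(report))
```

Without `VT_API_KEY` set the script stays offline and runs against the constructed report, which is the safe default when you are not sure the sample should leave your network.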



[2] Shodan Monitor https://monitor.shodan.io/

A valuable feature often overshadowed by Shodan’s main capability: Monitor gives you just-in-time alerting if your external network IP space has vulnerable assets.

It’s automated, and it lets you keep an eye on your Internet-facing assets (and find Shadow IT) 😲

Speed is essential!

[3] Any Run https://app.any.run/

Malware sandbox that I love 💖 Have a malicious or unknown file and want to see what it does, fast? Drop it in Any Run. Saves you tons of time building a VM if you’re just looking for a quick analysis. ⚡



[4] URL Scan https://urlscan.io/

Funky or shady URL in an email or DM? Use this tool to “air-gap” your system from the site while still seeing what it resolves to. Again, this is great for quick analysis ⚡


[5] Echo Trail https://www.echotrail.io/

This one is new on the scene, but very interesting. Weird process, service, or DLL showing up and not sure if it’s legit? Instead of combing through Google results trying to see what’s up, Echo Trail is a repo of known-good files and services you can look it up in. It flips the concept of “is this bad?” on its head. Definitely a must-bookmark for SOC Analysts.





Complement these tools with killer answers to SOC Analyst interview questions to really round you out.


I’ve made a total SOC Analyst Interview Questions and Answers video for you. Check it out. https://youtu.be/YfNr1vx3lEM