Random Topics

APT(Advanced Persistent Threats)

  • A (Advanced): Targeted, Coordinated, Purposeful

  • P (Persistent): Month after Month, Year after Year

  • T (Threat): Person(s) with Intent, Opportunity, and Capability

IOCs(Indicators of compromise)

These are forensic artifacts of an intrusion that can be identified on a host or network.

Types of IOCs:

  • Atomic

  • Computed

  • Behavioral

Some key IOCs to monitor:

  • Unusual outbound network traffic

  • Anomalies in privileged user account activity

  • Geographical irregularities

  • Other log-in red flags

  • Swells in database read volume

  • Unusual HTML response sizes

  • Large numbers of requests for the same file

  • Mismatched port-application traffic

  • Suspicious registry or system file changes

  • DNS request anomalies
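Three of the indicators above (mismatched port-application traffic, geographical irregularities in log-ins, and unusual outbound traffic volume) turned into simple detection logic over constructed log records. This is an added example, not code from the original page; the event format, the thresholds and the port-to-application map are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection and authentication records (not real data).
EVENTS = [
    {"ts": "2024-01-10T09:00:00", "type": "conn", "src": "10.0.0.5", "dport": 443, "app": "ssl", "bytes_out": 12_000},
    {"ts": "2024-01-10T09:01:00", "type": "conn", "src": "10.0.0.5", "dport": 443, "app": "ssh", "bytes_out": 500},
    {"ts": "2024-01-10T09:02:00", "type": "conn", "src": "10.0.0.7", "dport": 443, "app": "ssl", "bytes_out": 900_000_000},
    {"ts": "2024-01-10T09:05:00", "type": "auth", "user": "alice", "country": "US"},
    {"ts": "2024-01-10T09:30:00", "type": "auth", "user": "alice", "country": "BR"},
    {"ts": "2024-01-10T17:00:00", "type": "auth", "user": "bob", "country": "US"},
]

# Assumed mapping of destination port to the application(s) expected on it.
EXPECTED_APP = {80: {"http"}, 443: {"ssl"}, 22: {"ssh"}, 53: {"dns"}}
OUTBOUND_BASELINE_BYTES = 50_000_000  # assumed per-host baseline for the period
TRAVEL_WINDOW_HOURS = 2               # assumed minimum plausible time between countries


def find_ioc_hits(events, baseline=OUTBOUND_BASELINE_BYTES, window_hours=TRAVEL_WINDOW_HOURS):
    """Return (indicator, subject, detail) tuples for each IOC hit in the events."""
    hits = []
    bytes_by_host = defaultdict(int)
    last_auth = {}  # user -> (timestamp, country) of the previous log-in
    for e in events:
        if e["type"] == "conn":
            # Mismatched port-application traffic: app seen does not fit the port.
            allowed = EXPECTED_APP.get(e["dport"])
            if allowed and e["app"] not in allowed:
                hits.append(("mismatched_port_app", e["src"], f"{e['app']} on port {e['dport']}"))
            bytes_by_host[e["src"]] += e["bytes_out"]
        elif e["type"] == "auth":
            # Geographical irregularity: same user, different country, too soon.
            ts = datetime.fromisoformat(e["ts"])
            prev = last_auth.get(e["user"])
            if prev and prev[1] != e["country"] and ts - prev[0] < timedelta(hours=window_hours):
                hits.append(("geo_irregularity", e["user"], f"{prev[1]} -> {e['country']} within {window_hours}h"))
            last_auth[e["user"]] = (ts, e["country"])
    # Unusual outbound traffic: total bytes out per host above the baseline.
    for host, total in bytes_by_host.items():
        if total > baseline:
            hits.append(("unusual_outbound", host, f"{total} bytes out"))
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(EVENTS):
        print(hit)
```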


Last updated 4 years ago