概要
TryHackMe「SOC Fundamentals」のWalkthroughです。
Task1
Q1.What does the term SOC stand for?
A.Security Operations Center
Task2
Q1.The SOC team discovers an unauthorized user is trying to log in to an account. Which capability of SOC is this?
A.Detection
Q2.What are the three pillars of a SOC?
A.People, Process, Technology
Task3
Q1.Alert triage and reporting is the responsibility of?
Hint.Choose the relevant role from the list in the task.
A.SOC Analyst (Level 1)
Q2.Which role in the SOC team allows you to work dedicatedly on establishing rules for alerting security solutions?
A.Detection Engineer
Task4
Q1.At the end of the investigation, the SOC team found that John had attempted to steal the system's data. Which 'W' from the 5 Ws does this answer?
A.Who
Q2.The SOC team detected a large amount of data exfiltration. Which 'W' from the 5 Ws does this answer?
A.What
Task5
Q1.Which security solution monitors the incoming and outgoing traffic of the network?
A.Firewall
Q2.Do SIEM solutions primarily focus on detecting and alerting about security incidents? (yea/nay)
A.yea
Task6
Q1.What: Activity that triggered the alert?
ポートスキャンのアクティビティが検知されました。
A.Port Scan
Q2.When: Time of the activity?
A.June 12, 2024 17:24
Q3.Where: Destination host IP?
SIEM Solutionの画面からDestination host ipが確認できます。
A.10.0.0.3
Q4.Who: Source host name?
Source Host Nameを確認できます。
A.Nessus
Q5.Why: Reason for the activity? Intended/Malicious
A.Intended
Q6.Additional Investigation Notes: Has any response been sent back to the port scanner IP? (yea/nay)
A.yea
Q7.What is the flag found after closing the alert?
プライベートIPレンジからのポートスキャンなので誤検知になります。
解答に正解するとフラグが表示されます。
A.THM{000_INTRO_TO_SOC}