SOC Defense against Dark Art

Muhammad Huzaifa Jamil


Supervised by Yulia Cherdantseva; Moderated by Amir Javed

This research aims to build guidelines for Security Operation Center (SOC) analysts to respond to different types of attacks. The SOC is the heart of any organization, as it is the first line of defense. A SOC consists mainly of four roles: security analyst, security engineer, security manager, and chief information security officer. The security analyst role is further divided into three levels; our research covers all three levels, from detection of an attack to the response against it. The purpose of a playbook is to set out the steps a security analyst needs to take during analysis in order to decide whether an alert is a false positive or a true positive. These playbooks contain in-depth details of which tools and logs should be considered for analysis. The tool used for playbook modelling would be the FRIP tool.

The playbooks developed for attacks will include but not be limited to:
• Malware
• Denial of service
• Phishing
• Code injection
• Crypto jacking
• Man in the middle
• Network intrusion
• Directory traversal
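The following is an added illustration, not part of the project or its FRIP models, of what one such playbook looks like once its steps are made executable. It takes the directory traversal case: an alert carrying the web server log lines that triggered it is walked through ordered analysis steps (decode the request, rule out authorised scanners, assess whether the server actually served anything), and the first step that can decide returns a false positive / true positive verdict plus whether to escalate to L2. The log lines, IP addresses and scanner allowlist are constructed sample data, and the three-step layout is an assumption about how a playbook of this kind might be structured.

```python
"""Toy playbook engine for L1 triage of a directory traversal alert.

Added example: everything here (log lines, IPs, allowlist, step order) is
constructed for illustration and is not the project's own playbook content.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import unquote

# Constructed allowlist of in-house vulnerability scanners whose probes are expected.
AUTHORISED_SCANNERS = {"10.0.0.5"}

# Apache/nginx "combined"-style access line (constructed format for the sample data).
ACCESS_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


@dataclass
class Alert:
    alert_id: str
    rule: str
    log_lines: list[str]


@dataclass
class Verdict:
    outcome: str            # "true_positive" or "false_positive"
    escalate: bool          # hand to L2/L3 for response?
    reasons: list[str] = field(default_factory=list)


def parse_access_line(line: str) -> Optional[dict]:
    """Return the fields of one access-log line, or None if it does not parse."""
    m = ACCESS_LINE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["status"] = int(event["status"])
    return event


def normalise_path(path: str) -> str:
    """URL-decode until stable (catches %252e double encoding), drop the query
    string and unify backslashes so Windows-style traversal is seen too."""
    prev = None
    for _ in range(3):
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path.split("?", 1)[0].replace("\\", "/")


def escapes_web_root(path: str) -> bool:
    """True if the decoded path climbs above the web root via '..' segments."""
    depth = 0
    for seg in normalise_path(path).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


Step = Callable[[Alert, dict], Optional[Verdict]]


def step_decode_requests(alert: Alert, ctx: dict) -> Optional[Verdict]:
    """L1: parse the attached log lines and keep the requests that really traverse."""
    events = [e for e in map(parse_access_line, alert.log_lines) if e]
    ctx["hits"] = [e for e in events if escapes_web_root(e["path"])]
    if not ctx["hits"]:
        return Verdict("false_positive", False,
                       ["no request escapes the web root after URL decoding"])
    return None


def step_authorised_source(alert: Alert, ctx: dict) -> Optional[Verdict]:
    """L1: traversal attempts coming only from approved scanners are expected noise."""
    sources = {e["src"] for e in ctx["hits"]}
    if sources <= AUTHORISED_SCANNERS:
        return Verdict("false_positive", False,
                       [f"all attempts from authorised scanner(s) {sorted(sources)}"])
    return None


def step_assess_impact(alert: Alert, ctx: dict) -> Verdict:
    """Escalation decision: did the server answer any traversal request with content?"""
    served = [e for e in ctx["hits"] if 200 <= e["status"] < 300]
    if served:
        return Verdict("true_positive", True,
                       [f"{len(served)} traversal request(s) answered with 2xx; possible file disclosure"])
    return Verdict("true_positive", False,
                   ["traversal attempted but every request was rejected (non-2xx); record source and monitor"])


DIRECTORY_TRAVERSAL_PLAYBOOK: list[Step] = [
    step_decode_requests, step_authorised_source, step_assess_impact,
]


def run_playbook(alert: Alert, steps: list[Step]) -> Verdict:
    """Run steps in order; the first step that can decide ends the playbook."""
    ctx: dict = {}
    for step in steps:
        verdict = step(alert, ctx)
        if verdict is not None:
            verdict.reasons.insert(0, f"decided at step '{step.__name__}'")
            return verdict
    raise RuntimeError("playbook ended without a verdict")


def sample_alerts() -> dict[str, Alert]:
    """Constructed alerts, one per branch of the playbook."""
    return {
        "external_served": Alert("A-1", "web_dir_traversal", [
            '203.0.113.7 - - [05/Oct/2023:10:00:01 +0000] "GET /static/..%2F..%2Fetc/passwd HTTP/1.1" 200 1432']),
        "benign_dots": Alert("A-2", "web_dir_traversal", [
            '198.51.100.9 - - [05/Oct/2023:10:00:02 +0000] "GET /docs/release..notes.pdf HTTP/1.1" 200 8812']),
        "authorised_scan": Alert("A-3", "web_dir_traversal", [
            '10.0.0.5 - - [05/Oct/2023:10:00:03 +0000] "GET /%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 403 199']),
        "external_blocked": Alert("A-4", "web_dir_traversal", [
            '203.0.113.7 - - [05/Oct/2023:10:00:04 +0000] "GET /..\\..\\windows\\win.ini HTTP/1.1" 404 312']),
    }


if __name__ == "__main__":
    for name, alert in sample_alerts().items():
        v = run_playbook(alert, DIRECTORY_TRAVERSAL_PLAYBOOK)
        print(f"{alert.alert_id} {name}: {v.outcome} escalate={v.escalate} :: {'; '.join(v.reasons)}")
```

The point of the structure is that each step names the log source it consumes and the single question it answers, which is what the written playbook has to spell out for an analyst; the "benign_dots" alert shows why decoding and segment-wise checking belong in step one rather than a bare substring match on "..".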

Final Report (05/10/2023) [Zip Archive]
