
# SOC Checklist

### SOC L1 & L2 Analyst Checklist

| **Category**                     | **Topics**                                | **Description**                                                                                                                   |
| -------------------------------- | ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| **1. Security Fundamentals**     | **Understanding Threat Landscape**        | Know the common threat types (malware, phishing, ransomware, insider misuse) and how each typically enters an environment.          |
|                                  | **Basic Cybersecurity Concepts**          | Learn core security principles, starting with the CIA triad (Confidentiality, Integrity, Availability).                           |
|                                  | **Common Attack Vectors**                 | Recognize DDoS, SQL injection, XSS, social engineering and similar vectors, and what each looks like in logs.                      |
| **2. Monitoring Tools**          | **SIEM Tools**                            | Search, correlate and build alerts in a SIEM (e.g., Splunk, ELK Stack).                                                           |
|                                  | **Log Management Solutions**              | Collect, normalize and analyze logs from firewalls, servers, endpoints and applications.                                          |
|                                  | **Endpoint Detection and Response (EDR)** | Know what an EDR agent records (process, file, network and registry telemetry) and how to query it and isolate a host from the console. |
| **3. Incident Detection**        | **Alert Triage**                          | Prioritize alerts by severity, asset criticality and context; close false positives with a documented reason.                     |
|                                  | **Log Analysis**                          | Analyze logs for anomalies and known-bad patterns (bursts of failed logons, logons at odd hours, new privileged accounts).         |
|                                  | **Threat Intelligence Feeds**             | Match observed indicators (IPs, domains, hashes) against threat intelligence feeds to identify known campaigns and emerging threats. |
| **4. Incident Response**         | **Incident Handling Procedures**          | Follow the playbooks and SOPs for containment, eradication and recovery, and escalate to L2/L3 where the playbook requires it.    |
|                                  | **Communication Protocols**               | Use the agreed communication channels and escalation paths during an incident.                                                   |
|                                  | **Documentation Practices**               | Record every action taken, with timestamps, in the ticket or case file.                                                          |
| **5. Forensic Techniques**       | **Basic Forensics**                       | Perform first-pass analysis of a compromised host (running processes, persistence, network connections, recent logons).          |
|                                  | **Data Preservation Techniques**          | Hash and image evidence before analysing it and keep a chain-of-custody record so its integrity can be shown later.              |
|                                  | **Digital Forensics Tools**               | Know the common forensic tools (e.g., FTK Imager, EnCase) and what each is used for.                                             |
| **6. Vulnerability Management**  | **Patch Management**                      | Track patch status and confirm that critical security patches are applied within the agreed SLA.                                 |
|                                  | **Vulnerability Scanning**                | Run regular vulnerability scans (e.g., Nessus) and route findings to the system owners for remediation.                          |
|                                  | **Configuration Management**              | Monitor device configurations against a hardened baseline and flag drift.                                                        |
| **7. Advanced Threat Detection** | **Behavioral Analysis**                   | Use user and entity behavior analytics (UEBA) to spot accounts and hosts acting outside their normal pattern.                     |
|                                  | **Anomaly Detection Techniques**          | Learn how to detect unusual network traffic (beaconing, unexpected protocols, volume spikes).                                     |
|                                  | **Machine Learning in Security**          | Understand where machine learning improves detection and where it only adds noise and false positives.                           |
| **8. Compliance and Reporting**  | **Regulatory Compliance**                 | Understand the compliance requirements that apply (GDPR, PCI DSS, HIPAA) and what they demand of logging and incident reporting. |
|                                  | **Incident Reporting**                    | Report findings and incidents in the organization's required format and within its deadlines.                                    |
|                                  | **Security Metrics and KPIs**             | Track and report security metrics such as mean time to detect and mean time to respond.                                          |
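
The "Alert Triage" and "Log Analysis" rows above are the core of L1 work. The script below is an added example, not code from this page, that shows both on constructed sshd log lines: it parses the lines, detects a burst of failed logons from one source (brute force, or password spraying when the failures hit many different users), escalates when the same source later succeeds, and sorts the resulting alerts the way a triage queue would. The window and threshold values are assumptions chosen for illustration; a SIEM correlation rule would express the same logic.

```python
"""Brute-force / password-spray detection over sshd log lines, with a triage
ordering for the resulting alerts. Added example; thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data). Syslog format carries no year.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:00:03 bastion sshd[1202]: Failed password for invalid user test from 203.0.113.7 port 51123 ssh2
Mar 10 08:00:05 bastion sshd[1203]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 08:00:07 bastion sshd[1204]: Failed password for root from 203.0.113.7 port 51125 ssh2
Mar 10 08:00:09 bastion sshd[1205]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 10 08:00:11 bastion sshd[1206]: Accepted password for root from 203.0.113.7 port 51127 ssh2
Mar 10 08:15:00 bastion sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 08:15:20 bastion sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Mar 10 09:00:00 bastion sshd[1400]: Failed password for bob from 192.0.2.9 port 40100 ssh2
Mar 10 09:00:01 bastion sshd[1401]: Failed password for carol from 192.0.2.9 port 40101 ssh2
Mar 10 09:00:02 bastion sshd[1402]: Failed password for dave from 192.0.2.9 port 40102 ssh2
Mar 10 09:00:03 bastion sshd[1403]: Failed password for erin from 192.0.2.9 port 40103 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def parse(log_text, year=2024):
    """Turn sshd auth lines into event dicts; other sshd messages are skipped.
    The year is supplied by the caller because syslog timestamps omit it."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def detect(events, window=timedelta(minutes=5), threshold=4):
    """One alert per source IP that reaches `threshold` failures inside `window`
    (assumed values). Many distinct users in the burst means password spraying."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        # Sliding window: find the largest burst of failures within `window`.
        start, best_count, best_users = 0, 0, set()
        for end, f in enumerate(failures):
            while f["ts"] - failures[start]["ts"] > window:
                start += 1
            burst = failures[start:end + 1]
            if len(burst) > best_count:
                best_count, best_users = len(burst), {b["user"] for b in burst}
        if best_count < threshold:
            continue
        kind = "password_spray" if len(best_users) >= threshold else "brute_force"
        # A success from the same source after its failures is the escalation signal.
        success_after = any(e["result"] == "Accepted" and e["ts"] > failures[0]["ts"] for e in evs)
        severity = "critical" if success_after else ("high" if kind == "password_spray" else "medium")
        alerts.append({"ip": ip, "kind": kind, "failures": best_count, "users": sorted(best_users),
                       "success_after_failures": success_after, "severity": severity,
                       "first_seen": failures[0]["ts"]})
    return alerts


def triage(alerts):
    """Order the queue as an analyst works it: highest severity first, then oldest first."""
    return sorted(alerts, key=lambda a: (SEVERITY_RANK[a["severity"]], a["first_seen"]))


if __name__ == "__main__":
    for a in triage(detect(parse(SAMPLE_LOG))):
        print(f"[{a['severity'].upper():8}] {a['ip']:15} {a['kind']:15} "
              f"failures={a['failures']} users={a['users']} success_after={a['success_after_failures']}")
```

Run as-is it reports the 203.0.113.7 brute force as critical (five failures followed by an accepted root password) ahead of the 192.0.2.9 spray, and ignores the single failure from 198.51.100.4 as normal user error. A single source that succeeds after a burst of failures is the case to act on first: the account should be treated as compromised until the logon is confirmed legitimate.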

***

### Beginner to Advanced Topics

* **Basic Networking Knowledge**
  * Learn the fundamentals of networking, including the OSI and TCP/IP models, common ports and protocols, and how to read a packet capture.
* **Malware Analysis**
  * Learn the main malware families and how each is detected (signatures, behavior, sandboxing).
* **Phishing Assessment**
  * Identify and document phishing attempts (sender domain, authentication results, links, attachments) and assess the impact: who received it, who clicked, what was exposed.
* **Spear Phishing and Whaling**
  * Recognize targeted phishing aimed at specific individuals and whaling aimed at executives; these often carry no malware and rely on urgency and impersonation, so they pass basic filters.
* **Incident Response Drills**
  * Participate in tabletop exercises that simulate incident response scenarios and expose gaps in playbooks before a real incident does.
* **Red Team vs. Blue Team Collaborations**
  * Understand how offensive (Red Team) exercises test and improve defensive (Blue Team) detections and response.
* **Automation Tools**
  * Use SOAR platforms to automate repetitive triage steps such as indicator enrichment, blocking and ticket creation.
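
The phishing assessment and spear-phishing items above come down to reading headers carefully. The script below is an added example, not code from this page, that triages a suspected message from its headers and text: it reads the SPF/DKIM/DMARC verdicts from `Authentication-Results`, compares the visible From domain with the Return-Path and Reply-To domains, and looks for the urgency language typical of executive impersonation. The two sample messages are constructed, and the weights and verdict thresholds are assumptions chosen for illustration. One caveat a practitioner should keep: trust `Authentication-Results` only when it was added by your own receiving mail server, since an upstream sender can inject a fake one.

```python
"""Header-based triage of a suspected phishing email.
Added example; sample messages are constructed and scoring weights are assumptions."""
import email
import re
from email.utils import parseaddr

# Constructed sample: display name impersonates the CEO, the envelope sender is a
# lookalike domain, Reply-To points elsewhere, and the receiving MTA reported failures.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail-examp1e-corp.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-examp1e-corp.net; dkim=none; dmarc=fail header.from=example.org
From: "Jane Doe CEO" <jane.doe@example.org>
Reply-To: jane.doe.ceo@webmail.example
To: finance@example.org
Subject: Urgent wire transfer needed today

Please process the attached invoice immediately.
"""

# Constructed sample of a message that passes every check.
SAMPLE_LEGIT = """\
Return-Path: <jane.doe@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: Jane Doe <jane.doe@example.org>
To: finance@example.org
Subject: Q3 budget

See attached.
"""

# Assumed weights: a DMARC failure is the strongest single signal, because it means
# the visible From domain was aligned with neither SPF nor DKIM.
AUTH_WEIGHT = {"spf": 1, "dkim": 1, "dmarc": 3}
URGENCY_TERMS = ("urgent", "immediately", "wire transfer", "verify your", "password")


def domain_of(header_value):
    """Domain part of an address header, lowercased ('' if the header is absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """spf/dkim/dmarc verdicts recorded by the receiving MTA in Authentication-Results."""
    hdr = msg.get("Authentication-Results", "")
    return {m.group(1): m.group(2).lower() for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", hdr)}


def assess(raw_message):
    """Score the message and return the findings an analyst would put in the ticket."""
    msg = email.message_from_string(raw_message)
    findings, score = [], 0

    # 1. Sender authentication: anything other than 'pass' is a finding.
    auth = auth_results(msg)
    for mech, weight in AUTH_WEIGHT.items():
        verdict = auth.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
            score += weight if verdict == "fail" else 1

    # 2. Domain alignment: envelope sender and reply address should match the visible From.
    from_dom = domain_of(msg["From"])
    for hdr in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
            score += 2

    # 3. Social-engineering pressure in subject and body.
    text = f"{msg['Subject']}\n{msg.get_payload()}".lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
        score += len(hits)

    verdict = "phishing" if score >= 6 else "suspicious" if score >= 3 else "benign"
    return {"score": score, "verdict": verdict, "findings": findings,
            "from_domain": from_dom, "display_name": parseaddr(msg["From"] or "")[0]}


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        r = assess(raw)
        print(f"{name}: {r['verdict']} (score {r['score']}) from {r['display_name']!r} @ {r['from_domain']}")
        for f in r["findings"]:
            print("  -", f)
```

The constructed phishing sample scores 12 and is classed as phishing on the strength of the DMARC failure, the two misaligned domains and the urgency wording; the legitimate sample scores 0. The DMARC failure alone would be enough to quarantine if the organization's DMARC policy were enforced, which is why the impact question in the checklist matters: if the message reached a mailbox, find out why the policy did not stop it.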

This checklist gives SOC L1 and L2 analysts a structured path from the fundamentals to advanced specialty areas. Each topic builds the skills needed to detect threats and protect systems effectively, whatever the environment.

