Top tools for SOC analysts

Boost Your SOC Analyst Skills with the Best Tools for the Job


In this post we look at the best tools for SOC analysts and what each one is useful for during an investigation.

You can also see SOC analyst interview questions and answers.

1. Investigation Tools

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

Great tool for monitoring the system and detecting suspicious situations. It’s also free.

Download link.


BrowsingHistoryView is a utility that reads the history data of different Web browsers (Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera) and displays the browsing history of all these Web browsers in one table. The browsing history table includes the following information: Visited URL, Title, Visit Time, Visit Count, Web browser and User Profile. BrowsingHistoryView lets you view the browsing history of all user profiles on a running system, as well as retrieve the browsing history from an external hard drive, so the history of different browsers ends up in a single table.

Download link.


It displays all event logs in a table, which helps to decrease the investigation time.

FullEventLogView is a simple tool for Windows 11/10/8/7/Vista that displays in a table the details of all events from the event logs of Windows, including the event description. It allows you to view the events of your local computer, events of a remote computer on your network, and events stored in .evtx files. It also allows you to export the events list to text/csv/tab-delimited/html/xml file from the GUI and from command-line.

Download link.

2. Reputation Checking Tools

You can search the VirusTotal database by IP address or file hash and explore the relationships between suspicious IP addresses and files.

Website link – www.virustotal.com

VirusTotal

You can check whether an IP address has been reported before. Let's say you found a suspicious IP address in your firewall logs and want to find out whether this IP address has previously been reported for malicious activity.

Website link – https://www.abuseipdb.com/

AbuseIPDB

You can search by IP, domain, or network owner for real-time threat data.

Website link – https://www.talosintelligence.com/

3. Online Sandbox

This is an interactive malware analysis platform. It is very useful for finding the command and control addresses of malware and understanding its purpose. You can use it with the free version.

Website link – https://any.run/

It provides an analysis report with Falcon Sandbox and Hybrid Analysis technology.

Website link – https://www.hybrid-analysis.com/

If you specifically want to scan URL addresses, it's a useful tool for you.

Website Link – https://urlscan.io/

4. Others

During phishing campaign analysis it is helpful for spoofing analysis: you can compare the SMTP addresses in the message headers with the domain's published mail server records.

Website link – https://mxtoolbox.com/

Provides data on malicious Android APK files.

Website link – https://koodous.com/

It helps to analyze Microsoft OLE2 files (Office documents, Outlook messages, etc.).

Tool link – https://github.com/decalage2/oletools
