Top tools for SOC analysts

Best Tools For SOC Analysts

1. Investigation Tools

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. It is a good choice for keeping an eye on a live system and spotting suspicious processes, handles and network connections, and it costs nothing.

Download link.


BrowsingHistoryView is a utility that reads the history data of different web browsers (Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera) and displays the browsing history of all of them in one table. The table includes the following information: Visited URL, Title, Visit Time, Visit Count, Web Browser and User Profile. BrowsingHistoryView lets you view the browsing history of all user profiles on a running system, as well as pull the history from an external hard drive (for example a mounted disk image), which is what makes it useful for triaging a compromised host.

Download link.
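When the tool is not available (a Linux forensic workstation, or a scripted triage job), the same data can be read directly: Chromium-family browsers (Chrome, Edge, Opera) keep it in a SQLite file named History, with visit times stored as microseconds since 1601-01-01 UTC ("WebKit time"), not Unix time. The following is an added example, not code from the page or from the BrowsingHistoryView author; it builds a constructed in-memory stand-in for a History file (a subset of the real urls/visits schema, which is an assumption), converts the timestamps, and lists visits newest first. Firefox's places.sqlite uses a different schema and plain Unix microseconds, so it is not covered here.

```python
import sqlite3
from datetime import datetime, timezone

# Chromium-family browsers store visit times as microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH_OFFSET = 11_644_473_600  # seconds from 1601-01-01 to 1970-01-01


def webkit_to_unix(webkit_us: int) -> int:
    """Convert a WebKit microsecond timestamp to Unix epoch seconds."""
    return webkit_us // 1_000_000 - WEBKIT_EPOCH_OFFSET


def webkit_to_iso(webkit_us: int) -> str:
    """Same conversion, rendered as an ISO-8601 UTC string for a report."""
    return datetime.fromtimestamp(webkit_to_unix(webkit_us), tz=timezone.utc).isoformat()


def open_history(path: str) -> sqlite3.Connection:
    """Open a *copy* of the History file read-only; a running browser keeps the original locked."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def build_sample_history() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a Chrome History file (subset of the real schema)."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,
                             visit_time INTEGER, from_visit INTEGER, transition INTEGER);
        """
    )
    con.executemany(
        "INSERT INTO urls VALUES (?, ?, ?, ?, ?)",
        [
            (1, "https://intranet.example.com/", "Intranet", 4, 13300000000000000),
            (2, "http://payroll-update.example.net/login", "Sign in", 1, 13300000060000000),
        ],
    )
    con.executemany(
        "INSERT INTO visits VALUES (?, ?, ?, ?, ?)",
        [
            (1, 1, 13300000000000000, 0, 0),
            (2, 2, 13300000060000000, 1, 0),  # reached from visit 1, i.e. a clicked link
        ],
    )
    return con


def visits_timeline(con: sqlite3.Connection, url_like: str = "%") -> list:
    """Newest-first (iso_time, url, title, from_visit) rows, optionally filtered by a LIKE pattern."""
    rows = con.execute(
        """
        SELECT v.visit_time, u.url, u.title, v.from_visit
        FROM visits v JOIN urls u ON u.id = v.url
        WHERE u.url LIKE ?
        ORDER BY v.visit_time DESC
        """,
        (url_like,),
    ).fetchall()
    return [(webkit_to_iso(t), url, title, from_visit) for t, url, title, from_visit in rows]


if __name__ == "__main__":
    for row in visits_timeline(build_sample_history()):
        print(*row, sep=" | ")
```

The from_visit column is worth keeping in the output: it tells you which page the user was on when they clicked through to the suspicious one, which is usually the question a phishing investigation is actually asking.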


It displays all event logs in a single table, which cuts down investigation time.

FullEventLogView is a simple tool for Windows 11/10/8/7/Vista that displays in a table the details of every event from the Windows event logs, including the event description. It lets you view the events of the local computer, the events of a remote computer on your network, and events stored in .evtx files. It can also export the event list to a text/CSV/tab-delimited/HTML/XML file, both from the GUI and from the command line, which makes it easy to pull logs off a host and filter them elsewhere.

Download link.


2. Reputation Checking Tools

VirusTotal: you can search both IP addresses and file hashes in the VirusTotal database, and pivot on the relationships between suspicious IPs, domains and files (contacted hosts, dropped files, referring URLs).

Website link – https://www.virustotal.com/

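One caveat a SOC analyst learns quickly: hash the file locally and look the hash up first, and only upload a sample when the hash is unknown and the file contains nothing sensitive, because uploaded files are shared with the VirusTotal community. The block below is an added example, not code from the page or from VirusTotal: it computes a SHA-256, builds the v3 file-lookup request (the URL and x-apikey header are VirusTotal's documented API; the request itself is not sent here), and turns a response into a verdict. The response is constructed inline and trimmed to the last_analysis_stats / last_analysis_results fields, so its exact shape beyond those is an assumption.

```python
import hashlib
import json

VT_API_FILE = "https://www.virustotal.com/api/v3/files/{sha256}"  # GET, header x-apikey
VT_GUI_FILE = "https://www.virustotal.com/gui/file/{sha256}"


def sha256_hex(data: bytes) -> str:
    """Hash locally so the lookup never has to upload the file."""
    return hashlib.sha256(data).hexdigest()


def lookup_request(sha256: str, api_key: str) -> tuple:
    """URL and headers for a hash lookup (a 404 here means 'unknown to VT', not 'clean')."""
    return VT_API_FILE.format(sha256=sha256), {"x-apikey": api_key, "accept": "application/json"}


# Constructed sample bytes and a constructed reply in the shape of a v3 /files/{id} response.
SAMPLE_BYTES = b"MZ constructed stand-in for a suspicious executable, not real malware"
SAMPLE_VT_RESPONSE = json.dumps({
    "data": {"id": sha256_hex(SAMPLE_BYTES), "type": "file", "attributes": {
        "meaningful_name": "invoice.exe",
        "last_analysis_stats": {"malicious": 5, "suspicious": 1, "undetected": 60,
                                "harmless": 0, "timeout": 0, "type-unsupported": 3},
        "last_analysis_results": {
            "EngineA": {"category": "malicious", "result": "Trojan.Agent.XYZ"},
            "EngineB": {"category": "undetected", "result": None},
            "EngineC": {"category": "malicious", "result": "Gen.Variant.123"},
        },
    }}
})


def summarize_vt(response_text: str, min_engines: int = 3) -> dict:
    """Reduce a file report to the numbers an analyst writes into a ticket."""
    attrs = json.loads(response_text)["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    detections = {
        engine: r.get("result")
        for engine, r in attrs.get("last_analysis_results", {}).items()
        if r.get("category") == "malicious"
    }
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    if malicious >= min_engines:
        verdict = "malicious"
    elif malicious or suspicious:
        verdict = "review"        # a single vendor hit is often a false positive; look at who flagged it
    else:
        verdict = "clean"
    return {
        "name": attrs.get("meaningful_name"),
        "malicious": malicious,
        "suspicious": suspicious,
        "total_engines": sum(stats.values()),
        "verdict": verdict,
        "detections": detections,
        "gui_link": VT_GUI_FILE.format(sha256=json.loads(response_text)["data"]["id"]),
    }


if __name__ == "__main__":
    url, headers = lookup_request(sha256_hex(SAMPLE_BYTES), "YOUR_API_KEY")
    print(url)
    print(json.dumps(summarize_vt(SAMPLE_VT_RESPONSE), indent=2))
```

The min_engines threshold is deliberately a parameter: teams tune it, and the detection names themselves (which families, which vendors) matter more than the raw count.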

AbuseIPDB: you can check whether an IP address has been reported before. Say you find a suspicious IP address in your firewall logs and want to know whether it has a history of abuse (scanning, brute force, spam) reported by others.

Website link – https://www.abuseipdb.com/

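The firewall-log scenario above is where most lookups start, and the practical work is the step before the lookup: pulling the external addresses out of the log and making sure internal ones are never sent to a third party. The following is an added example, not code from the page or from AbuseIPDB. It extracts and counts external IPv4 addresses from constructed firewall lines, builds the documented v2 check request (URL, ipAddress/maxAgeInDays parameters and Key header; nothing is sent here), and triages a constructed reply whose abuseConfidenceScore/totalReports fields follow the v2 response, the rest of its shape being an assumption. The sample log uses RFC 5737 documentation addresses as stand-ins for public IPs, so the internal filter matches explicit RFC 1918/loopback/link-local ranges rather than ipaddress.is_private, which would also drop the documentation ranges.

```python
import ipaddress
import json
import re

ABUSEIPDB_CHECK = "https://api.abuseipdb.com/api/v2/check"  # GET ?ipAddress=..&maxAgeInDays=90, header Key

# Addresses that must never leave the organisation in a reputation query.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
)]

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed firewall log lines (not from a real device); 198.51.100.x etc. stand in for public IPs.
FIREWALL_LOG = """\
2023-01-15 20:04:33 DENY  TCP 198.51.100.23:51234 -> 10.0.0.5:3389
2023-01-15 20:04:35 DENY  TCP 198.51.100.23:51235 -> 10.0.0.5:3389
2023-01-15 20:05:01 ALLOW TCP 10.0.0.8:44321 -> 192.0.2.44:443
2023-01-15 20:05:07 DENY  UDP 203.0.113.77:5060 -> 10.0.0.5:5060
"""


def candidate_ips(log_text: str) -> dict:
    """External IPv4 addresses seen in the log, with hit counts, ready for a reputation lookup."""
    counts = {}
    for line in log_text.splitlines():
        for ip in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # the regex also matches junk such as 999.1.1.1
            if any(addr in net for net in INTERNAL_NETS):
                continue
            counts[ip] = counts.get(ip, 0) + 1
    return counts


def check_request(ip: str, api_key: str, max_age_days: int = 90) -> tuple:
    """URL, query parameters and headers for one AbuseIPDB lookup (not sent here)."""
    params = {"ipAddress": ip, "maxAgeInDays": str(max_age_days)}
    headers = {"Key": api_key, "Accept": "application/json"}
    return ABUSEIPDB_CHECK, params, headers


# Constructed reply in the shape of the v2 /check endpoint's JSON.
SAMPLE_ABUSEIPDB_RESPONSE = json.dumps({"data": {
    "ipAddress": "198.51.100.23", "isPublic": True, "abuseConfidenceScore": 100,
    "countryCode": "XX", "usageType": "Data Center/Web Hosting/Transit",
    "totalReports": 42, "numDistinctUsers": 17, "lastReportedAt": "2023-01-15T19:58:00+00:00",
}})


def triage_abuseipdb(response_text: str, threshold: int = 50) -> dict:
    """Flag an IP when its confidence score meets the team's threshold; keep the supporting numbers."""
    d = json.loads(response_text)["data"]
    score = d.get("abuseConfidenceScore", 0)
    return {
        "ip": d.get("ipAddress"),
        "score": score,
        "reports": d.get("totalReports", 0),
        "reporters": d.get("numDistinctUsers", 0),
        "last_reported": d.get("lastReportedAt"),
        "flag": score >= threshold,
    }


if __name__ == "__main__":
    for ip, hits in sorted(candidate_ips(FIREWALL_LOG).items(), key=lambda kv: -kv[1]):
        print(ip, "seen", hits, "times ->", check_request(ip, "YOUR_API_KEY")[1])
    print(triage_abuseipdb(SAMPLE_ABUSEIPDB_RESPONSE))
```

A low score is not a clean bill of health: a freshly set-up attacker host has no reports yet, so treat the score as one signal next to what the log itself shows (here, two RDP connection attempts in two seconds).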

Cisco Talos Intelligence: you can search by IP address, domain, or network owner for real-time reputation and threat data.

Website link – https://www.talosintelligence.com/


3. Online Sandbox

ANY.RUN: an interactive malware analysis platform. It is very useful for finding a sample's command-and-control addresses and understanding what it does, and a free tier is available. Keep in mind that submissions on the free tier are public, so do not upload files that contain your organisation's data.

Website link – https://any.run/


Hybrid Analysis: provides an automated analysis report generated with Falcon Sandbox technology.

Website link – https://www.hybrid-analysis.com/


urlscan.io: if you specifically want to scan URLs, this is the tool for you. It records the page as rendered, the requests it made and the final redirect target, without you having to open the link yourself.

Website Link – https://urlscan.io/


4. Others

MXToolbox: during phishing campaign analysis it is helpful for spoofing analysis. You can look up the sending domain's MX and SPF records and compare the addresses in the SMTP headers (envelope sender, visible From and the authentication results) to see whether the message really came from where it claims.

Website link – https://mxtoolbox.com/

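The comparison MXToolbox helps with can also be scripted for a batch of messages. The block below is an added example, not code from the page or from MXToolbox; it uses only the standard library to pull the envelope sender (Return-Path), the visible From, the Reply-To and the Authentication-Results verdicts out of a constructed, phishing-style header set, and flags the classic pattern: SPF passes for the attacker's own sending domain while the From header claims the target's domain and DMARC fails. Alignment is checked strictly (exact domain match); relaxed DMARC alignment, which allows subdomains, is not implemented here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed header set (not a real message).
SAMPLE_HEADERS = """\
Return-Path: <bounce@mail-sender.example.net>
Received: from mail-sender.example.net (203.0.113.10) by mx.example.com with ESMTP
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-sender.example.net; dkim=none; dmarc=fail header.from=example.com
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: <helpdesk-reset@example-support.net>
To: <user@example.com>
Subject: Your password expires today

"""


def domain_of(header_value) -> str:
    """Lower-cased domain part of an address header, or '' when there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def auth_verdict(auth_results: str, mechanism: str) -> str:
    """Pull 'pass', 'fail', 'none', ... for spf/dkim/dmarc out of Authentication-Results."""
    m = re.search(rf"\b{mechanism}=([a-z]+)", auth_results, re.IGNORECASE)
    return m.group(1).lower() if m else "none"


def spoof_check(raw_headers: str) -> dict:
    """Compare envelope sender, visible From and Reply-To, and read the receiving MTA's verdicts."""
    msg = message_from_string(raw_headers)
    header_from = domain_of(msg.get("From"))
    envelope_from = domain_of(msg.get("Return-Path"))
    reply_to = domain_of(msg.get("Reply-To"))
    auth = msg.get("Authentication-Results", "") or ""
    spf, dkim, dmarc = (auth_verdict(auth, m) for m in ("spf", "dkim", "dmarc"))
    aligned = header_from == envelope_from  # strict alignment
    return {
        "header_from": header_from,
        "envelope_from": envelope_from,
        "reply_to": reply_to,
        "spf": spf, "dkim": dkim, "dmarc": dmarc,
        "aligned": aligned,
        "reply_to_mismatch": bool(reply_to) and reply_to != header_from,
        # SPF 'pass' only vouches for the envelope domain; an unaligned From with no DMARC pass
        # (or an explicit DKIM/DMARC fail) is the spoofing signature to escalate.
        "suspicious": (not aligned and dmarc != "pass") or dkim == "fail" or dmarc == "fail",
    }


if __name__ == "__main__":
    for k, v in spoof_check(SAMPLE_HEADERS).items():
        print(f"{k:18} {v}")
```

Read Authentication-Results only from your own receiving MTA (the topmost one); anything further down can be forged by the sender, which is why the header order matters when you paste headers into an analyser.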

Koodous: provides data on malicious Android APK files, so you can look up an APK by hash before analysing it yourself.

Website link – https://koodous.com/


oletools: a Python package that helps analyse Microsoft OLE2 files (legacy Office documents, Outlook messages, etc.), including extracting and inspecting VBA macros with olevba and summarising a file's risk indicators with oleid.

Tool link – https://github.com/decalage2/oletools
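Before feeding a sample to olevba it pays to confirm what the file actually is, since the extension in a phishing attachment is not to be trusted: a legacy .doc is an OLE2 compound file, a .docm is a ZIP (OOXML) carrying vbaProject.bin, and an RTF cannot hold VBA at all. The following is an added example, not code from the page or from the oletools project; it classifies a sample by its leading bytes, reads the sector size out of the OLE2 header, and applies a cheap VBA hint in each format. The test files are constructed in memory (a bare 512-byte header plus a fake UTF-16 directory-name fragment, and a minimal ZIP) and are not valid documents; the real macro extraction is exactly what olevba does afterwards.

```python
import io
import struct
import zipfile

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # Compound File Binary signature
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.docm/.xlsm/...) is a ZIP
RTF_MAGIC = b"{\\rt"


def classify_office_sample(data: bytes) -> dict:
    """Identify the container format and give a cheap hint whether VBA may be present."""
    info = {"format": "unknown", "vba_hint": False}
    if data.startswith(OLE2_MAGIC):
        info["format"] = "ole2"
        # CFB header: sector shift at offset 0x1E (9 -> 512-byte sectors, 12 -> 4096-byte sectors)
        if len(data) >= 0x20:
            info["sector_size"] = 1 << struct.unpack_from("<H", data, 0x1E)[0]
        # Directory entry names are UTF-16LE, so a "VBA" storage leaves this string in the file.
        info["vba_hint"] = "VBA".encode("utf-16-le") in data
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return info
        info["format"] = "ooxml"
        # Macros in OOXML live in an embedded OLE2 blob named vbaProject.bin.
        info["vba_hint"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    elif data.startswith(RTF_MAGIC):
        info["format"] = "rtf"  # no VBA possible; embedded OLE objects are the thing to look for
    return info


def build_sample_ole2(with_vba: bool) -> bytes:
    """Constructed 512-byte CFB header plus a fake directory-name fragment; not a valid document."""
    header = bytearray(512)
    header[0:8] = OLE2_MAGIC
    # minor version, major version, byte order (0xFFFE), sector shift (9), mini sector shift (6)
    struct.pack_into("<HHHHH", header, 0x18, 0x3E, 0x03, 0xFFFE, 9, 6)
    tail = b"\x00" * 64
    if with_vba:
        tail = "VBA".encode("utf-16-le") + tail
    return bytes(header) + tail


def build_sample_ooxml(with_vba: bool) -> bytes:
    """Constructed minimal OOXML package, optionally carrying a (dummy) vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("ole2+vba", build_sample_ole2(True)),
                        ("docm", build_sample_ooxml(True)),
                        ("docx", build_sample_ooxml(False)),
                        ("rtf", b"{\\rtf1\\ansi hello}")):
        print(label, classify_office_sample(blob))
```

Once a sample is confirmed as OLE2 or OOXML, `olevba --deobf <file>` extracts the macros and flags auto-execute triggers and suspicious keywords; the hint above only decides whether that step is worth running.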
