Table of Contents:
- 1 Best Tools For SOC Analysts
- 1.1 1. Investigation Tools
- 1.2 2. Reputation Checking Tools
- 1.3 3. Online Sandbox
- 1.4 4. Others
1. Investigation Tools
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
A great tool for monitoring the system and detecting suspicious activity. It is also free.
BrowsingHistoryView is a utility that reads the history data of different Web browsers (Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera) and displays the browsing history of all of them in one table. The browsing history table includes the following information: Visited URL, Title, Visit Time, Visit Count, Web Browser and User Profile. BrowsingHistoryView lets you view the browsing history of all user profiles on a running system, and it can also read the browsing history from an external hard drive, so the history of every browser and profile ends up in a single table.
It displays all event logs in a table, which helps to decrease the investigation
FullEventLogView is a simple tool for Windows 11/10/8/7/Vista that displays in a table the details of all events from the Windows event logs, including the event description. It lets you view the events of your local computer, the events of a remote computer on your network, and events stored in .evtx files. It also lets you export the event list to a text/csv/tab-delimited/html/xml file, both from the GUI and from the command line.
2. Reputation Checking Tools
You can check whether an IP address has been reported before. Say you found a suspicious IP address in your firewall logs and want to find out whether this IP address has been involved in malicious activity before.
Website link – https://www.abuseipdb.com/
You can search by IP, domain, or network owner for real-time threat data.
Website link – https://www.talosintelligence.com/
3. Online Sandbox
This is an interactive malware analysis platform. It is very useful for finding the command and control addresses of malware and understanding what the sample is meant to do. A free version is available.
Website link – https://any.run/
It provides an analysis report produced with Falcon Sandbox and Hybrid Analysis.
Website link – https://www.hybrid-analysis.com/
If you specifically want to scan URL addresses, this is a useful tool for you.
Website link – https://urlscan.io/