Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Incident Response in the Age of Cloud

You're reading from   Incident Response in the Age of Cloud Techniques and best practices to effectively respond to cybersecurity incidents

Arrow left icon
Product type Paperback
Published in Feb 2021
Publisher Packt
ISBN-13 9781800569218
Length 622 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Dr. Erdal Ozkaya Dr. Erdal Ozkaya
Author Profile Icon Dr. Erdal Ozkaya
Dr. Erdal Ozkaya
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Getting Started with Incident Response 2. Incident Response – Evolution and Current Challenges FREE CHAPTER 3. How to Organize an Incident Response Team 4. Key Metrics for Incident Response 5. Methods and Tools of Incident Response Processes 6. Incident Handling 7. Incident Investigation 8. Incident Reporting 9. Incident Response on Multiple Platforms 10. Cyber Threat Intelligence Sharing 11. Incident Response in the Cloud 12. Building a Culture of Incident Readiness 13. Incident Response Best Practices 14. Incident Case Studies 15. Ask the Experts 16. Other Books You May Enjoy
17. Index

Reporting to a SOC team and third-party services using IOC feeds

Some of the significant objectives of a SOC team are to monitor enterprise systems, secure systems against data breaches, and proactively identify and mitigate security risks. Monitoring their environment for malicious activities requires them to know what attackers are doing and how to find suspicious activity within their infrastructure.

Therefore, third-party services like Indicator of Compromise (IOC) feeds are important sources for SOC team members to get data intelligence because, when cyber criminals attack an organization, they usually leave traces like IP addresses, host and domain names, email addresses, filenames, file hashes, and so on.

Organizations using a variety of cybersecurity solutions are generally integrated with one or more IOC feeds to create a cyber intelligence data pool to prevent future attacks. With this information acquired from IOC feeds, an SOC member can conduct an in-depth investigation...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image