Effective Threat Investigation for SOC Analysts PDF
Can we implement a policy (such as MFA or AppLocker) that prevents this attack type entirely?
| Artifact | What to look for |
|----------|------------------|
| Process tree | Parent-child relationships (e.g., `powershell.exe` launched from `winword.exe`) |
| Network connections | Beaconing at regular intervals, connections to known C2 domains, unexpected use of ports such as 445, 3389 or 443 |
| File system | Executables dropped in Temp folders, a renamed or relocated `svchost.exe`, unusual script extensions (.js, .vba) |
| Registry / persistence | Run keys, scheduled tasks, WMI event subscriptions |
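The checklist above is easier to apply when each row is turned into a concrete check that runs over endpoint telemetry. The following Python is an added example written for this page, not code from the guide it describes: it flags Office-to-script-host process chains, beaconing-like connections (near-constant intervals to one destination), executable drops under Temp, a `svchost.exe` living outside System32, and Run-key or scheduled-task persistence. The event format (Sysmon-style dicts with `type`, `image`, `parent_image`, `cmdline`, `target`, `key`, `value`, `dest_ip`, `dest_port`, `time`) and the sample events are constructed for illustration; the destination addresses are from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.

```python
"""Triage checks for the artifact table above (added example, not the guide's code).

Events are assumed to be Sysmon-style dicts; the SAMPLE_EVENTS below are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Parents that should rarely spawn a shell or script host: Office apps and browsers.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                    "chrome.exe", "msedge.exe", "firefox.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
SCRIPT_EXTENSIONS = (".js", ".vbs", ".vba", ".hta", ".ps1")


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def suspicious_process_chains(events):
    """Process tree row: (parent, child, cmdline) where a document/browser parent spawns a script host."""
    hits = []
    for e in events:
        if e["type"] != "process_create":
            continue
        parent, child = basename(e["parent_image"]), basename(e["image"])
        if parent in DOCUMENT_PARENTS and child in SCRIPT_HOSTS:
            hits.append((parent, child, e["cmdline"]))
    return hits


def beaconing_hosts(events, min_connections=5, max_jitter=0.2):
    """Network row: (process, dest_ip, dest_port) groups whose inter-connection gaps are
    nearly constant (population std-dev / mean <= max_jitter), with the mean gap in seconds."""
    by_dest = defaultdict(list)
    for e in events:
        if e["type"] == "network_connect":
            key = (basename(e["image"]), e["dest_ip"], e["dest_port"])
            by_dest[key].append(datetime.fromisoformat(e["time"]))
    hits = []
    for key, times in by_dest.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((key, round(avg, 1)))
    return hits


def suspicious_file_drops(events):
    """File system row: executables/scripts written under Temp, or svchost.exe outside System32."""
    hits = []
    for e in events:
        if e["type"] != "file_create":
            continue
        path = e["target"].replace("\\", "/").lower()
        name = basename(path)
        in_temp = "/temp/" in path or "/tmp/" in path
        if in_temp and (name.endswith(".exe") or name.endswith(SCRIPT_EXTENSIONS)):
            hits.append(("temp_drop", e["target"]))
        elif name == "svchost.exe" and "/windows/system32/" not in path:
            hits.append(("svchost_outside_system32", e["target"]))
    return hits


def persistence_changes(events):
    """Registry/persistence row: Run-key writes and schtasks /Create invocations."""
    hits = []
    for e in events:
        if e["type"] == "registry_set" and "\\currentversion\\run" in e["key"].lower():
            hits.append(("run_key", e["key"], e["value"]))
        elif (e["type"] == "process_create" and basename(e["image"]) == "schtasks.exe"
              and "/create" in e["cmdline"].lower()):
            hits.append(("scheduled_task", e["cmdline"]))
    return hits


# Constructed sample telemetry: one macro-to-PowerShell chain, a dropped payload that
# beacons every 60 s, Run-key and scheduled-task persistence, plus benign noise.
SAMPLE_EVENTS = [
    {"type": "process_create", "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"type": "file_create", "target": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"type": "file_create", "target": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    {"type": "process_create", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /Create /SC MINUTE /MO 5 /TN Updater /TR "C:\Users\alice\AppData\Roaming\svchost.exe"'},
] + [  # five connections exactly 60 s apart: a beacon
    {"type": "network_connect", "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "dest_ip": "203.0.113.10", "dest_port": 443, "time": f"2024-05-01T10:{m:02d}:00"}
    for m in range(5)
] + [  # irregular browser traffic to one site: not a beacon
    {"type": "network_connect", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_ip": "198.51.100.7", "dest_port": 443, "time": f"2024-05-01T10:{m:02d}:{s:02d}"}
    for m, s in [(0, 1), (0, 9), (1, 44), (4, 3), (4, 5)]
]


def triage(events):
    """Run all four checks and return their findings keyed by table row."""
    return {"process_tree": suspicious_process_chains(events),
            "network": beaconing_hosts(events),
            "file_system": suspicious_file_drops(events),
            "persistence": persistence_changes(events)}


if __name__ == "__main__":
    for row, findings in triage(SAMPLE_EVENTS).items():
        print(row, findings)
```

The beaconing threshold (coefficient of variation at most 0.2 over at least five connections) is a starting point, not a rule: implants that add random sleep jitter will exceed it, so in practice pair the interval test with destination reputation and process context rather than relying on timing alone.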