Learning to triage and investigate security alerts
Coming soon in April
Inspired by: [Hexacorn - How to become the best SOC analyst ever](https://www.hexacorn.com/blog/2018/02/25/how-to-become-the-best-soc-analyst-e-v-e-r/)
Why triage?
There is no school or university in VN that teaches you how to investigate, especially cyber security alerts; the lack of process and mindset is absurd in my opinion.
What is triage and investigation of cyber security alerts?
Alert handling process:
<insert image>
In the military or in medicine, the word triage means quickly examining cases to determine their priority and severity, so as to maximize the number we can save.
In cyber security, triage means quickly determining the severity of an alert, which phase of the kill chain it belongs to, and how we should react to it.
Triage should be fast
How to actually investigate?
Why you need playbook
How to practise?
Conventional way
This post is licensed under CC BY 4.0 by the author.