#cybersecurity #blueteaming #networkanalysis

Imagine you detect a sudden surge in network traffic during a routine monitoring session. As a SOC analyst with a focus on network analysis, describe the practical steps you would take to investigate and respond to this unusual activity. Discuss the specific network data sources and tools you would leverage, the criteria for identifying potential threats, and how you would collaborate with other team members to determine the nature and severity of the situation. Provide an example of a false alarm you encountered and how you handled it.

cyber security
Junior Level

Traffic Baseline Comparison

Action: Compare current traffic with historical baselines.


  • Use network monitoring tools like Wireshark, tcpdump, or NetFlow analyzers.
  • Capture and analyze traffic patterns to identify any significant deviations.

Example: Use Wireshark to capture and analyze current...

Code Labs Academy © 2024 All rights reserved.