SOC Analyst’s Arsenal: Essential Tools, Tips and Tricks for Effective Investigations
2023-10-15 , WestIn - Munich

In the ever-evolving landscape of cybersecurity threats, SOC analysts play a vital role in detecting, investigating, and responding to incidents. To excel in their mission, SOC analysts need to leverage a comprehensive arsenal of tools, along with proven tips and tricks, to conduct efficient and effective investigations.

In this talk, we will dive deep into the SOC analyst's world, exploring the essential tools, invaluable tips, and time-saving tricks that can supercharge investigations. Join us for an engaging session that will empower SOC analysts of all skill levels with the tools, tips, and tricks necessary for effective investigations.


We will begin with an OPSEC warning (what not to paste into public services while investigating), after which we will explore the tools that form the foundation of a robust SOC analyst's toolkit and highlight their most valuable functionalities. Main areas that will be covered:

  • Reputation engines and related info
  • Quick sandboxing
  • Analysis of EVTX event logs and malware samples
  • Other useful tools

Additionally, we will share battle-tested tips and tricks used by experienced SOC analysts in the field. These invaluable insights will cover a range of topics, including:

  • OSINT gathering
  • Log manipulation and transformation
  • Scripting and automation opportunities
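As an added example of the kind of log transformation and scripting trick the two lists above refer to (it is not code from the talk or from the speaker), the following Python script flattens Windows Security events exported as XML into one dict per event so they can be filtered and pivoted without a SIEM. `wevtutil qe Security /f:xml` emits bare `<Event>` elements, so the script expects them wrapped in an `<Events>` root; the three events embedded below (one 4624 logon and two 4625 failures) are constructed sample data, and the function and field names are the author's own choices.

```python
"""Flatten Windows event records exported as XML into dicts for pivoting.

Added example, not part of the original talk. Input is the XML produced by
`wevtutil qe Security /f:xml` (or Event Viewer "Save as XML"), wrapped in a
single <Events> root so the document has one top-level element.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Default namespace used by every Windows event record.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: one successful network logon and two failed logons
# for a privileged account from the same external source (TEST-NET range).
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2023-10-15T08:01:02.000Z"/>
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">j.doe</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="IpAddress">10.0.0.25</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4625</EventID>
    <TimeCreated SystemTime="2023-10-15T08:03:10.000Z"/>
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">administrator</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="IpAddress">203.0.113.7</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4625</EventID>
    <TimeCreated SystemTime="2023-10-15T08:03:11.000Z"/>
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">administrator</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="IpAddress">203.0.113.7</Data>
  </EventData>
</Event>
</Events>"""


def flatten_event(ev):
    """Turn one <Event> element into a flat dict: System fields plus every
    EventData <Data Name=...> value keyed by its Name attribute."""
    row = {}
    system = ev.find("e:System", NS)
    row["EventID"] = int(system.findtext("e:EventID", namespaces=NS))
    row["Computer"] = system.findtext("e:Computer", namespaces=NS)
    row["TimeCreated"] = system.find("e:TimeCreated", NS).get("SystemTime")
    provider = system.find("e:Provider", NS)
    row["Provider"] = provider.get("Name") if provider is not None else None
    for i, data in enumerate(ev.findall("e:EventData/e:Data", NS)):
        # Some providers emit unnamed <Data> elements; keep them positionally.
        row[data.get("Name") or f"Data{i}"] = data.text
    return row


def parse_events(xml_text):
    """Parse an <Events> document into a list of flat event dicts."""
    root = ET.fromstring(xml_text)
    return [flatten_event(ev) for ev in root.findall("e:Event", NS)]


def failed_logons_by_source(rows):
    """Pivot: count 4625 (failed logon) events per source IP address."""
    return Counter(r.get("IpAddress") for r in rows if r["EventID"] == 4625)


if __name__ == "__main__":
    events = parse_events(SAMPLE_XML)
    for source, count in failed_logons_by_source(events).most_common():
        print(f"{source}: {count} failed logons")
```

Once events are flat dicts, the same pattern extends to any pivot an investigation needs (accounts per source host, logon types per account, first and last seen per IP) without writing a new parser each time.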

Moreover, we will stress the importance of collaboration and knowledge sharing among SOC analysts and propose ways to use gamified tabletop exercises to ignite conversation and teamwork.

We will end the talk with a question to the audience: "What other tools do you like to use during investigations?"

See also: Slides

Samuel is a SOC Team Manager at Ontinue, where he leads the EMEA team of analysts providing the MDR service for Ontinue's customers. Samuel has 6 years of experience working in different Security Operations Centres as an analyst and an engineer. He loves all things related to the SOC, with main interests in SecOps, threat hunting and DFIR.