šŸ”“
PURPLEBYTEONE
  • main
  • Notes
    • Education
      • Base
        • Information Technology
          • OpenText
            • Courses
              • Security and Forensics
                • EnCaseā„¢ eDiscovery Series
                  • ED290 - eDiscovery Training with EnCase Information Assurance
                • EnCaseā„¢ Crossover Series
                  • DFIR450 - EnCase EnScript Programming
                  • DFIR370 - Host Intrusion Methodology and Investigation
                  • DFIR350 - Internet-based Investigations
                  • DFIR130 - EnCase Endpoint Investigator
                • EnCaseā„¢ Incident Response Series
                  • IR280 - EnCase Endpoint Security
                  • IR250 - Incident Investigation
                • EnCaseā„¢ Digital Forensics Series
                  • DF420 - Mac Examinations
                  • DF410 - NTFS Examinations
                  • DF320 - Advanced Analysis of Windows Artifacts
                  • DF310 - EnCase Certified Examiner
                  • DF210 - Building an Investigation
                  • DF125 - Mobile Device Examinations
                  • DF120 - Foundations in Digital Forensics
              • Business Network
              • Digital Process Automation
              • Platform Solutions
              • Discovery
              • Digital Experience
              • Analytics
              • Enterprise Content Management
          • Harvard University
            • CS 50
          • LPI
            • Courses
              • Essentials
                • Linux Essentials: 010
                • Security Essentials: 020
                • Web Development Essentials: 030
              • Professional
                • LPIC-1
                  • 101
                  • 102
                • LPIC-2
                  • 201
                  • 202
                • LPIC-3
                  • 300
                  • 303
                  • 305
                  • 306
          • Cloud Orchestration
            • Docker
            • Kubernetes
              • KCNA
              • CKA
              • CKS
          • Google Cloud
            • Path
              • Google Cloud Computing Foundations
              • Network Engineer Learning Path
              • Database Engineer Learning Path
              • Cloud Engineer Learning Path
              • Security Engineer Learning Path
              • Cloud Architect Learning Path
              • Cloud Developer Learning Path
          • VMware
            • Courses
              • Carbon Black
                • Professional
                  • Endpoint Security: Core Technical Skills
                  • App Control Administrator
                  • EDR Administrator
                • Advanced
                  • App Control Advanced Administrator
                  • Advanced Operations and Troubleshooting
                  • Audit and Remediation
                  • Endpoint Standard
                  • Enterprise EDR
                  • EDR Advanced Administrator
                  • EDR Advanced Analyst
          • Amazon
            • Courses
              • Foundation
                • AWS Certified Cloud Practitioner
              • Associate
                • AWS Certified Solutions Architect
              • Professional
                • AWS Certified Solutions Architect
              • Speciality
                • AWS Certified Advanced Networking
                • AWS Certified Security ā€“ Specialty
          • Microsoft
            • Courses
              • Azure
                • AZ - 900
                • AZ - 104
                • AZ - 305
                • SC - 900
                • SC - 200
                • SC - 300
                • AZ - 500
                • MS-500
                • SC - 400
                • SC - 100
          • The Code
            • Platform
              • FreeCodeCamp
              • W3
            • Language
              • Python
              • PowerShell
              • JavaScript
              • PHP
              • SQL
              • GO
              • Java
              • Perl
              • Ruby
              • Scala
              • C
              • C#
              • C++
              • Brainfuck
              • CSS
              • JSON
              • Kotlin
              • LOLCODE
              • MISP
              • MongoDB
              • Objective-C
              • Perl
              • Rust
              • SAAS
              • Scala
              • Solidity
              • SWIFT
              • TypeScript
              • WebAssembly
              • XML
              • YAML
              • AngularJS
              • Ansible
              • BASH
              • Docker
              • GIT
              • jQuery
              • VIM
          • OKTA
        • Purple Team
          • Splunk
            • Courses
              • Udemy
            • Notes
          • Security Team Blue
            • Courses
              • BTL v1
              • BTL v2
          • ISC2
            • CC
              • Introduction
              • Security Principles
                • Security Concepts of Information Assurance
                • Risk Management Process
                • Security Controls
                • Governance Elements and Processes
                • Terms and Definitions
              • Incident Response
                • Understand Incident Response
                • Business Continuity
                • Disaster Recovery
              • Access Control Concepts
                • Access Control Concepts
                • Physical Access Controls
                • Logical Access Controls
              • Network Security
                • Computer Networking
                • Threats and Attacks
                • Network Security Infrastructure
              • Security Operations
            • SSCP
            • CISSP
            • CCSP
          • TCM Security
            • Courses
              • Python 101
              • Python 201
              • Linux 101
              • External Pentest Playbook
              • Windows Privilege Escalation
              • Linux Privilege Escalation
              • Movement, Pivoting and Persistence
              • Practical Phishing Assessments
              • Practical Web Application Security
              • Practical Malware Analysis
              • Mobile
              • (OSINT) Fundamentals
              • PEH
            • Certification
              • PNPT
              • PJMR
          • Coursera
            • Courses
              • NYU
                • Introduction to Cyber Security Specialization
              • Google
                • Google Cybersecurity Professional
                  • Foundations of Cybersecurity
                  • Play It Safe: Manage Security Risks
                  • Connect and Protect: Networks and Network Security
                  • Tools of the Trade: Linux and SQL
                  • Assets, Threats, and Vulnerabilities
                  • Sound the Alarm: Detection and Response
                  • Automate Cybersecurity Tasks with Python
                  • Put It to Work: Prepare for Cybersecurity Jobs
          • ICSI Global
          • OccupyTheWeb
            • Courses
              • GSBMH
              • NBFH
              • LBFH
          • CompTIA
            • Courses
              • Core Base
                • A+
                  • Chapter 1
                • Network+
                  • Chapter 1
                • Linux+
                  • Chapter 1
                  • Chapter 2
                • Cloud+
                  • Chapter 1
              • Security
                • Security+
                  • Chapter 1
                    • Risk Terminology
                • Pentest+
                  • Chapter 1
                • CySA+
                  • Chapter 1
                • CSA+
                  • Defending Against Cybersecurity Threats
          • EC-Council
            • Courses
              • CEH
              • CHFI
              • CSA
          • Intel Techniques
            • Courses
              • OSINT Techniques
              • Privacy & Security
          • SANS
            • Courses
              • SEC
                • SEC 401 - Security Essentials
                • SEC 450 - Blue Team Fundamentals
                • SEC 502 - Perimeter Protection In-Depth
                • SEC 503 - Network Monitoring and Threat Detection In-Depth
                • SEC 504 - Hackers Tools, Techniques And Incident Handling
                • SEC 505 - Securing Windows and PowerShell Automation
                • SEC 506 - Securing Linux & UNIX
                • SANS 509 - Securing Oracle Database
                • SEC 511 - Continuous Monitoring and Security Operations
                • SEC 517 - Cutting Edge Hacking Techniques
                • SEC 524 - Cloud Security Fundamentals
                • SEC 531 - Windows Command Line Kung Fu
                • SEC 542 - Web App Penetration Testing
                • SEC 560 - Enterprise Penetration Testing
                • SEC 565 - Red Team Operations and Adversary Emulation
                • SEC 566 - Implementing and Auditing Security Frameworks
                • SEC 573 - Automating Information Security with Python
                • SEC 575: Mobile Device Security
                • SEC 580 - Metasploit for Enterprise Penetration Testing
                • SEC 587 - Advanced Open Source Intelligence
                • SEC 599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
                • SEC 617 - Wireless Penetration Testing and Ethical Hacking
                • SEC 642 - Advanced Web App Penetration Testing
                • SEC 660 - Advanced Penetration Testing
                • SEC 760 - Advanced Exploit Development
                • SEC 554: Blockchain and Smart Contract Security
              • FOR
                • FOR 408 - Windows Forensic Analysis
                • FOR 500 - Windows Forensic Analysis
                • FOR 508 - Advanced Digital Forensics and Incident Response
                • FOR 518 - Mac and iOS Forensic Analysis
                • FOR 526 - Memory Forensics In-Depth
                • FOR 572 - Advanced Network Forensics
                • FOR 577 - Virtualization Security Fundamentals
                • FOR 578 - Cyber Threat Intelligence
                • FOR 610 - Reverse-Engineering Malware
                • FOR 710 - Reverse-Engineering Malware: Advanced Code Analysis
              • AUD
                • AUD 507 - Auditing Systems, Applications, and the Cloud
              • ICS
                • ICS 410 - ICS/SCADA Security Essentials
              • MGT
                • MGT 512 - Security Leadership Essentials for Managers
          • IBM
            • Courses
              • Cybersecurity Analyst Professional
                • Introduction to Cybersecurity Tools & Cyber Attacks
                  • Week 1
                  • Week 2
                  • Week 3
                  • Week 4
          • Cybrary
            • Courses
              • SOC L1
              • SOC L2
              • SOC L3
              • Become an Incident Handler
          • Zero Point Security
            • Courses
              • Red Team Ops [CRTO]
              • C2 Development in C#
          • Web Security Academy
            • Courses
              • Burp Suite Certified Practitioner
          • INE
            • Courses
              • eJPT
                • Blue Team
                  • ePND
                  • eCIR
                  • eCRE
                  • ePWD
                  • eCTHPv2
                  • eCDFP
                  • eCMAP
                • Red Team
                  • eMAPT
                  • eWPT
                  • eCPPTv2
                  • eCXD
                  • eWPTXv2
                  • eCPTXv2
          • Pentester Lab
          • Pentester Academy
            • Courses
              • Pentesting with Metasploit: Beginner Edition
              • Linux Privilege Escalation
          • Offensive Security
            • Courses
              • Fundamental
                • Introduction to Secure Software Development
                • Introduction to Cloud Security
                • Exploit Development Essentials
                • Web Application Assessment Essentials
                • Security Operations Essentials
                • Network Penetration Testing Essentials
              • Security Operations
                • SOC-200: Foundational Security Operations and Defensive Analysis (OSDA)
              • Penetration Testing
                • PEN - 200
                • PEN - 210
                • PEN - 300
              • Web Application
                • WEB-200: Foundational Web Application Assessments with Kali Linux (OSWA)
                • WEB-300: Advanced Web Attacks and Exploitation (OSWE)
              • Exploit Development
                • EXP-301: Windows User Mode Exploit Development (OSED)
                • EXP-312: Advanced macOS Control Bypasses (OSMR)
                • EXP-401: Advanced Windows Exploitation (OSEE)
          • Sektor7
            • Courses
              • Windows Privilege Escalation
              • Windows Persistence
              • Malware Development Essentials
              • Evasion Windows Red Team Ops
          • Black Hat
            • Courses
              • BlackHat - Malware Analysis And Memory Forensics
          • Fortinet
          • VHL
          • DFIRdiva
          • YouTube
            • Channels
          • Udemy
            • Certified in Cybersecurity (CC)
            • CompTIA Security+
          • AntiSyphon
          • THM
            • Room
              • SPLUNK
                • Introduction to SIEM
                • Basics
                • Incident handling
                • Investigating
                • Benign
                • ELK 101
                • PS Eclipse
                • New Hire Old Artifacts
                • Conti
                • BOTS
                  • v1
                  • v2
                  • v3
                • ItsyBitsy
            • Learning Paths
              • Introduction to Cyber Security
                • Introduction to Cyber Security
                  • Intro to Offensive Security
                  • Intro to Defensive Security
                • Introduction to Offensive Security
                • Introduction to Defensive Security
          • HTB
            • HTB Academy
              • Job Role Path
                • Penetration Tester
                  • Getting Started
                    • Infosec Overview
                    • Getting Started with a Pentest Distro
                    • Staying Organized
                    • Connecting Using VPN
                    • Common Terms
                  • Machines
                    • Nibbles
                • SOC Analyst
                  • Incident Handling Process
                    • Incident Handling
                    • Cyber Kill Chain
                    • Incident Handling Process Overview
                      • Preparation Stage
                      • Detection & Analysis Stage
                      • Containment, Eradication, & Recovery Stage
                      • Post-Incident Activity Stage
                  • Security Monitoring & SIEM Fundamentals
                  • Windows Event Logs & Finding Evil
                  • Introduction to Threat Hunting & Hunting With Elastic
                  • Understanding Log Sources & Investigating with Splunk
                  • Windows Attacks & Defense
                  • Intro to Network Traffic Analysis
                  • Intermediate Network Traffic Analysis
                  • Working with IDS/IPS
                  • Introduction to Malware Analysis
                  • JavaScript Deobfuscation
                  • YARA & Sigma for SOC Analysts
                  • Introduction to Digital Forensics
                  • Detecting Windows Attacks with Splunk
                  • Security Incident Reporting
            • Challenges
              • Retired
                • Challenges
                  • Hardware
                    • Very Easy
                      • Gawk
                      • Secure Digital
                  • Web
                    • Very Easy
                      • Trapped Source
                  • Mobile
                    • Very Easy
                      • Don't Overreact
                  • Pwn
                    • Very Easy
                      • Getting Started
                      • Questionnaire
                      • Vault-breaker
                  • Crypto
                    • Very Easy
                      • Ancient Encodings
                  • Reverse
                    • Very Easy
                      • WIDE
                      • Shattered Tablet
                      • Hunting License
                      • Gonna-Lift-Em-All
                  • Misc
                    • Very Easy
                      • Compressor
                  • Forensics
                    • Very Easy
                      • Extraterrestrial Persistence
                      • Alien Cradle
                      • Wrong Spooky Season
                  • OSINT
                  • GamePwn
                  • Blockchain
            • Machines
              • Retired
                • Windows
                  • Easy
                    • Blue
          • Blueteamlabs.online
          • LetsDefend.io
          • CyberDefenders.org
      • Infinity
        • c0//53
          • Leet Code
          • Hacker Rank
        • Tools
          • Red Team
            • OSINT
            • Enumeration
            • Web
            • Exploit Base
              • Linux
            • Post-exploitation
              • Backdoor
          • Blue Team
            • Forensics
            • My scripts
        • Bookmarks
          • Cybersecurity
            • Reverse Engineering
            • Telegram
          • MindHub
            • Job Boards
          • GitHub
          • AI
            • Free
          • Books
            • Cybersecurity
              • Linux
                • Linux Essentials For Cybersecurity
                • The Linux Command Line, 2nd Edition: A Complete Introduction
                • How Linux Works, 3rd Edition: What Every Superuser Should Know
              • OSINT
                • Deep Dive: Exploring the Real-world Value of Open Source Intelligence
              • Networking
                • Wireshark for Security Professionals
              • Social Engineering
                • Practical Social Engineering
          • Writeups
    • Carrier
      • Interview Questions
        • General HR questions
        • Cybersecurity
          • Junior Positions
            • SOC L1
            • Junior Malware Analyst
            • Junior Penetration Tester
            • Junior Red Teamer
            • Junior Forensic Analyst
            • Junior Incident responder
            • Junior Threat hunter
            • Junior Security Analyst
          • Specialist Positions
            • SOC L2
            • Malware Analyst
            • Penetration Tester
            • Red Teamer
            • Forensic Analyst
            • Incident responder
            • Threat hunter
            • Security Analyst
          • Senior Positions
            • SOC L3
            • Senior Malware Analyst
            • Senior Penetration Tester
            • Senior Red Teamer
            • Senior Forensic Analyst
            • Senior Incident responder
            • Senior Threat hunter
            • Senior Security Analyst
          • Random questions
            • PT.1
            • PT.2
            • PT.3
            • PT.4
            • PT.5
            • PT.6
    • Note
      • Read
      • Interview
      • Cheat Sheet
        • Penetration Testing
          • Enumeration
  • Roadmap
    • CTF Track
Powered by GitBook
On this page
  1. Notes
  2. Education
  3. Base
  4. Purple Team
  5. HTB
  6. HTB Academy
  7. Job Role Path
  8. SOC Analyst

Incident Handling Process

Last updated 1 year ago

LogoCompleted Incident Handling Process
Page cover image