OPEN SECURITY OPERATION CENTER
NooraNet

Design & Architecture
[Architecture diagram. The labels recoverable from it are listed below.]
Capabilities: Compliance reports for regulations and internal policy; Integration with service management tools for integrated response; Monitoring network & applications across the entire infrastructure; Security alerts, analysis, and incident response.
SOC roles: SOC Manager; Cloud SOC Lead; SOC L3 Analyst; SOC L2 Analyst; SOC Engineer.
Platform components: Visualization; Log Ingestion & Analysis; Backend Storage; Automation; XDR and SIEM; Log Storage & Mgmt; SOAR; Intelligence Enrichment; Investigation; Case Management; Threat Intelligence; Forensic and Incident Response; Incident Response.
Monitored sources: SSL VPN; Mobile Applications; Web Applications; Database/DB; Middleware; Endpoint; Network.
The Most Famous Attacks in the World

Eavesdropping:- In general, the majority of network communications occur in an unsecured or "clear text" format, which allows an attacker who has gained access to data paths in your network to "listen in" on or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

Data Modification:- Once an attacker can read your traffic, the next logical step is to alter it. The attacker can modify the data in a packet while it is in transit, without the sender or the receiver being aware that anything has changed.

Identity Spoofing (IP Address Spoofing):- Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed; this is identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.

Password-Based Attacks:- A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and to network resources are determined by who you are, that is, your user name and your password. Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user. When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker can also create accounts for subsequent access at a later time.

Man in the Middle:- As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.

Denial of Service:- Imagine you're sitting in traffic on a one-lane country road, with cars backed up as far as the eye can see. Normally this road never sees more than a car or two, but a county fair and a major sporting event have ended around the same time, and this road is the only way for visitors to leave town. The road can't handle the massive amount of traffic, and as a result it gets so backed up that pretty much no one can leave. A denial-of-service attack does the same thing to a service or network: it is flooded with more traffic or requests than it can handle, so legitimate users cannot get through.

Compromised-Key Attack:- A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key. An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack. With the compromised key, the attacker can decrypt or modify data, and can try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.

Application-Layer Attack:- An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:
• Read, add, delete, or modify your data or operating system.
• Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.
• Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or corrupt your systems and network.
• Abnormally terminate your data applications or operating systems.
• Disable other security controls to enable future attacks.

Sniffer Attack:- A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
Using a sniffer, an attacker can do any of the following:
• Analyze your network and gain information to eventually cause your network to crash or become corrupted.
• Read your communications.
Wazuh Deployment

Wazuh Rules

Wazuh Endpoint

Wazuh Rules

Wazuh Threat Hunting Rules