SOC Report 26th 3rd October

Uploaded by dunilson7
SECURING A BETTER FUTURE.

THE BEST AT MAKING IT BETTER

SOC Weekly Report
7th to 14th July 2022

Client Name: Mitrelli


Table of Contents
• Objective
• Monitoring Summary
• Incident Summary
• Threat Summary
• Recommendations
Objective
• Provide clients with an overview of the threat landscape.
• Help Mitrelli mitigate cybersecurity risk by working in conjunction with the IT team.
Monitoring Summary
Table 1. Overview of current monitoring devices, categorized by log source.

 #   Data Source Type                                  Amount
 1   FortiGate FW                                      20
 2   Domain Controllers                                4
 3   KEMP (LB)                                         1
 4   Express WAY (BG)                                  1
 5   VMware vSphere                                    1
 6   Network Equipment (SW)                            2
 7   VM Windows (exchange, terminals, priority…)       5
 8   GIS web server (IIS)                              1
 9   OWA                                               1
10   PineApp Mail Gateway                              1
11   Sophos Endpoint Protection                        500/600
Monitoring Summary (Cont…)
Figure 1. The top log sources that we managed to correlate.
Incident Summary
[Figure: ticket status chart. Pie labels in legend order (opened tickets, closed tickets, pending tickets): 11 (50%), 10 (45%), 1 (5%). A second axis labelled Hours shows the value 4.]
Risk Score by Magnitude/Impact
Based on CVSS v3.0, we classify risk as Table 2 indicates.

Severity    CVSS v3.0 score
Low         0.1 – 3.9
Medium      4.0 – 6.9
High        7.0 – 8.9
Critical    9.0 – 10.0
Threat Summary

          Exploit   Malware   Recon   Policy   Access   Authentication   Suspicious Activity
Events    25        40        0       593      10       167              455
Risks     6         1         0       5        6        5                5
Threat Summary
Table 2. Clarification of Terms

Category Name         Description
Access                Refers to access control used for monitoring network events.
Authentication        Refers to authentication, sessions and controls that monitor users on the network.
Exploit               Refers to leveraging systems for privilege escalation or unauthorized access.
Malware               Refers to software designed or engineered to harm a system or steal data from it.
Policy                Refers to offenses linked to policy violations or compliance issues.
Potential Exploit     Possible attempts at privilege escalation or unauthorized access.
Recon                 Probing or scanning of ports or networks for a reply or access; serves to find vulnerabilities.
Suspicious Activity   Activities outside the established bounds, or erratic behaviour by actors in the network.
Recommendations
• Improve communication between the SOC and the Mitrelli IT team.
• Continuously update the antivirus on user machines.
• Use a separate machine to test services.
Thank you. newcognito.com
