SOC Resources

some bookmarks

  • Sniper Forensics: TA, Chris Pogue & Trustwave SpiderLabs, slides (2010)

  • When Threat Intel Met DFIR, Thomas Chopitea & Ronan Mouchoux, live slides, pdf

  • RedQueen 10 Strategies, Carson Zimmerman and Mitre, book from Mitre, pdf

  • PNSM and TNSM, Richard Bejtlich: books, blog
    • PNSM for basic background, Security Onion, process, and scenarios
    • TNSM for deep background theory and wisdom, FreeBSD tips
  • ANSM Applied NSM book, Chris Sanders and Jason Smith, the whole book, but especially:
    • 1.7 “Defining the Analyst”
    • 15 “The Analysis Process”
  • School of SOC flowchart, r0x0r skill trees: SOC flowchart

  • CIS Workforce Handbook (info page)

  • Job roles, training and education tables:

  • David Bianco, “A Simple Hunting Maturity Model”, Detect Respond blog, direct link

  • NIST SPs, especially:
    • 800-61r2 : Computer Security Incident Handling Guide
    • 800-86 : Guide to Integrating Forensic Techniques into Incident Response
  • DoD 6510 from

Chris Sanders' blog and PhD work, e.g.

  • FIXME link 10 SIEM dashboards slides

Written on November 18, 2015