Customized SOC Analyst Detection Methods

Question

A SOC analyst can make a customised detection from which one of the below?

Answers

Explanations


Correct Answer: C

Advanced hunting offers the option to save a query as a custom detection, while Alerts and Incidents do not provide an option to save as a detection.

A Security Operations Center (SOC) analyst can create a customised detection from Advanced Hunting.

Advanced Hunting is a proactive approach that allows security analysts to query large volumes of data to identify potential threats and to gain insight into an organization's security posture. It provides a flexible and powerful query capability that enables analysts to hunt for threats across various data sources.

A SOC analyst can create a custom detection rule in Advanced Hunting by querying data from different sources such as log files, network traffic, and endpoints. This allows them to identify patterns and anomalies that may indicate malicious activity.

In contrast, Alerts and Incidents are generated by security tools such as Security Information and Event Management (SIEM) systems or endpoint detection and response (EDR) solutions, based on pre-defined rules or signatures; they are outputs of detection, not a place to author it. Requests are usually not related to creating custom detections; they are used to ask for additional information or support.

Therefore, the correct answer is C. Advanced Hunting.