ezzeldinadel
/ Data Sources for SIEM, SOC
Last active
November 19, 2020 10:28
What should a SIEM see in a SOC?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| If your SOC doesn't see | |
| NIDS/NIPS (NDR/NTA) | |
| HIDS/HIPS (EDR/EPP) | |
| Netflow | |
| PCAP | |
| Sys Integrity Checkers | |
| AV | |
| User activity monitoring | |
| DLP and IP |
ezzeldinadel
/ What should your SOC check on daily basis for intel?
Created
May 31, 2020 17:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Internet health: | |
| ISC: http://www.isc.org | |
| NetCraft: http://news.netcraft.com/ | |
| US-CERT: http://www.US-Cert.gov | |
| General technology and security trends: |
ezzeldinadel
/ BST_traversals.py
Created
December 9, 2019 12:32
BST Tree Traversals (DFS and BFS) Recursively and Iteratively
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Node: | |
| def __init__ (self, v): | |
| self.right=None | |
| self.left=None | |
| self.data=v | |
| # BFS | |
| def printBFS(root): #iteratively |
ezzeldinadel
/ all_commands_bash_unix
Created
November 15, 2019 21:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aa-enabled | |
| add-shell | |
| apparmor_parser | |
| apt-cache | |
| arch | |
| aa-exec | |
| addgnupghome | |
| apparmor_status | |
| apt-cdrom | |
| arp |