Jebitok, in sharonjebitok.com
Traffic Analysis Pitfalls (TryHackMe)
13h ago · 35 min read
Link to the challenge/walkthrough on TryHackMe: Traffic Analysis Pitfalls. Introduction: It is 02:47. Our SIEM fires an alert. Alert: Large Outbound Transfer. Source: 10.10.15.44 (WKST-FINANCE-04)

Sakshi Singh, in thinksecure.hashnode.dev
What Are Security Alerts and False Positives?
5d ago · 9 min read
In Part 7, I finally understood how SIEM works. It collects logs. Normalizes them. Runs rules. And when something matches, it creates an alert. That alert lands in the analyst's queue. And I thought

Tech Skill School, in techskillschool.hashnode.dev
What Are the Tools Used in a SOC Analyst Workflow?
Jun 3 · 5 min read
In the fast-paced world of cybersecurity, a SOC Analyst is often the first line of defense against cyber threats. They monitor systems 24/7, investigate alerts, and respond to incidents before they ca

Tirthak Likhar, in tirthaklikhar.hashnode.dev
SOC Team Internals: How an L1 Analyst Thinks, Triages and Reports
May 31 · 12 min read
I spent the last few weeks going through the TryHackMe SOC Team Internals module. Four rooms. Around four hours of actual learning. And a lot of things clicked that I had been reading about in theory

Jorge Belmar, in belmar.in
Proactive Monitoring for Okta Workflows using Datadog
Jun 1 · 12 min read
Your Okta Workflows will fail. Maybe not today, but eventually, they will. The last thing you want during a long weekend is waking up at 3 AM to a flood of alerts from your ITSM tool, each one repres

Mephisto spirit of the Devil, in m3ph15t0o-blog.hashnode.dev
What a SOC Analyst Actually Sees During a Failed Login Attack
May 27 · 2 min read
When people imagine cyberattacks, they often picture dramatic hacking scenes with fast typing and flashing screens. But inside a Security Operations Center (SOC), attacks usually begin much more quiet

Pablo Huertas, in pablohuertas.dev
Building a Home Lab for SIEM Practice with Wazuh/Elastic
May 25 · 17 min read
There is a gap between understanding security concepts and being able to actually work with them. You can read about SIEM, log correlation, and threat detection for months and still feel lost the firs

vaishvikkansara, in loghunter.hashnode.dev
73 Failed Logins, 1 SIEM Dashboard. My SOC Story
May 9 · 7 min read
The Alert That Changed Everything: It was April 1, 2026. I was staring at my Kibana dashboard when something caught my eye. A massive spike. 73 failed login attempts in a single day, all targeting the

nickson diaz, in pruba.hashnode.dev
Volt Typhoon | Tryhackme | CTF
May 5 · 8 min read
Scenario: The SOC has detected suspicious activity indicative of an advanced persistent threat (APT) group known as Volt Typhoon, notorious for targeting high-value organizations. Assume the role of a

Sakshi Singh, in thinksecure.hashnode.dev
How SIEM Works Step by Step
May 5 · 9 min read
Understanding Cybersecurity Step by Step - Part 7. In Part 6, I showed you something that changed how I think about security. Every move an attacker makes leaves a log entry somewhere. The firewall log