Tldr+ Soc: Logs, Alerts and Triage for Analysts
Be fast. Be accurate. Be useful. That's what a SOC analyst does - and this book shows you how.
TLDR+ SOC is a hands-on guide to working in a Security Operations Center, created for L1 and L2 analysts who want to understand what matters - logs, alerts, and making the right decisions fast.
No lectures. No buzzwords. Just what to do when something looks suspicious.
Inside, you'll learn how to:
read and filter logs with tools like journalctl, grep, and jq
analyze authentication failures, lateral movement, and PowerShell abuse
investigate alerts using VirusTotal, AbuseIPDB, and MISP
tell the difference between a false positive and a real incident
document, escalate, and survive an alert storm with your sanity intact
Includes cheat sheets, enrichment tools, triage flowcharts, and live examples based on real SOC scenarios.
Whether you're in your first analyst role, prepping for your first IR escalation, or just tired of Googling journalctl -xe for the 50th time - this book is for you.
Customer Reviews
ThriftBooks ® and the ThriftBooks ® logo are registered trademarks of Thrift Books Global, LLC
