• security information and event management(SIEM), tools & others.
• playbooks and network protocol analyzers.
• Linux
• SQL and Python

what is Log?

• A log is a record of events that occur within an organization's systems.
• Logs help security professionals identify vulnerabilities and potential security breaches.
• A business might log each time an employee accesses web-based services.

tools

The first tools we'll discuss are security information and event management tools, or SIEM tools.
使用 SIEM tools來分析過濾後的事件和模式，執行事件分析，或主動尋找威脅。根據您組織的SIEM設置和風險焦點-- analyze filtered events and patterns,

• perform incident analysis, or

• proactively search for threats.

• providing alerts for specific types of risks and threats.

• SIEM tools uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?

• SIEM 工具是一種應用程式，能夠收集和分析日誌數據，以監控組織中的關鍵活動。A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization.

• SIEM 工具收集即時或瞬時信息，並允許安全分析師識別潛在的違規行為。SIEM tools collect real-time, or instant, information, and allow security analysts to identify potential breaches as they happen.

• SIEM 工具透過提供特定類型風險和威脅的警示來減少分析師必須檢視的資料量。SIEM tools reduce the amount of data an analyst must review by providing alerts for specific types of risks and threats.

SIEM tools

Splunk
Chronicle
playbooks
network protocol analyzers

• Splunk:是一個數據分析平台，而Splunk Enterprise提供SIEM解決方案。Splunk Enterprise是一個自我託管的工具，用於保留、分析和搜尋組織的日誌數據。Splunk is a data analysis platform, and Splunk Enterprise provides SIEM solutions. Splunk Enterprise is a self-hosted tool used to retain, analyze, and search an organization's log data.

• Chronicle: 另一個SIEM工具是Google的Chronicle。Chronicle是一個雲原生的SIEM工具，用於搜索和分析安全數據。雲原生意味著Chronicle可以快速交付新功能。

Other key tools

• playbooks:操作手冊是一本提供有關任何操作行動細節的手冊，例如如何應對事件。操作手冊因組織而異，引導分析師在安全事件發生前、期間和之後如何處理。操作手冊可以涉及安全或合規審查、訪問管理以及許多其他需要從頭到尾記錄流程的組織任務。

  • chain of custody playbook: 在事件生命周期中記錄證據擁有權和控制的過程 the process of documenting evidence possession and control during an incident lifecycl
  • protecting and preserving evidence playbook:保護和保存證據是妥善處理脆弱和易變數位證據的過程

• network protocol analyzers( packet sniffer):在捕獲和分析網路內數據流量的工具。常見的網路協定分析器包括 tcpdump 和 Wireshark。By simulating attacks on connected devices By capturing and analyzing data traffic on the network

python

• They can be used to create a specific set of instructions for a computer to execute tasks.
• Correct They complete tasks faster than if working manually.
• Correct They reduce the risk of human error.

Linux

• It is open source.
• It allows for text-based commands by users.