SOC Weekly Report

22.04.2024 - 28.04.2024 | SOC TEAM | BODIVA.


SOC WEEKLY REPORT
SOC TEAM
New Cognito – All Rights Reserved 2024

Contents:
1. SOC Report........................................................................................... 2
2. Objectives............................................................................................. 2
3. SOC Findings......................................................................................... 3
3.1. Network Monitoring........................................................................3
3.2. Incident Statistics...........................................................................4
3.3. VPN Access Failed Login.................................................................6
3.4. VPN Access Successful Login By username....................................7
3.5. Domain Account Managements Events..........................................7
3.6. Failed Login By Geographic Country...............................................9
3.7. Recon Activity by Country..............................................................9
3.8 Out Of Working Hours...................................................................10
4. Pending/Closed Tickets.......................................................................11
5. Conclusions and Recommendations...................................................11

New Cognito 1

Belas Business Park


Edifício Bengo, 5º Andar, Sala 506
Talatona, Luanda – Angola
newcognito.com

1. SOC Report

In this report, you will find detailed information about critical findings and
actions taken by the SOC team.

For this report, we define incidents/offenses as errors or activities that are
not part of a standard information technology service operation and that pose
a risk of compromise or loss of information. Furthermore, discovering and
reporting incidents as promptly as possible can minimize overall damage and
reduce the cost of incident handling.

2. Objectives

The main objective of this report is to provide upper management with an
overview of the threats identified by the analysts, their risk score, and the
total number of tickets opened and closed based on the identified threats.
Currently, the analysts follow these procedures:

• Identify the root cause of the incident (root cause analysis).
• Implement benchmarks such as Mean Time To Detect (MTTD) and Mean Time To
  Respond (MTTR).
• Familiarise with protocols and playbooks.
• Proactive monitoring.
• Log management.
• Compliance integrity.


3. SOC Findings

3.1. Network Monitoring

To detect malicious activity, we first need to know, and have visibility of,
what is being monitored. In addition, knowing which network is being monitored
allows us to isolate an issue to that network. Table 1 provides a summary of
the network being monitored.

Organization Network

BODIVA

Table 1. Monitoring Summary Network

3.2. Incident Statistics

In this section, metrics regarding incidents within our monitored network are
presented. To better address incidents, we have found it important to
categorize them, so that we understand the biggest source of risk on a
category-by-category basis. Table 2 clarifies the terms used for each
category.

Category Name        Description
Access               Refers to access control used for monitoring network events.
Authentication       Refers to authentication, sessions, and controls that monitor users on the network.
Exploit              Refers to leveraging systems for privilege escalation or unauthorized access.
Malware              Refers to software designed or engineered to harm a system or steal data from it.
Policy               Refers to offenses linked to policy violations or compliance issues.
Potential Exploit    Possible attempts at privilege escalation or unauthorized access.
Recon                Probing or scanning ports or networks for a reply or for access, in order to find vulnerabilities.
Suspicious Activity  Activities outside the established bounds, or erratic behavior by actors in the network.

Table 2. Clarification of terms

[Figure: incident tiles per category, each showing the number of events and a
risk score. Values recovered from the chart: 12 events (risk 6), 215 events
(risk 10), 88 events (risk 9), 22759 events (risk 8), 1 event (risk 6),
68 events (risk 9), 429 events (risk 6). Category labels present in the chart:
Authentication, Malware, Recon, Policy, Suspicious Activity, System. The
pairing of labels with tiles is not legible in this extraction.]
[Figure: share of events by category. Recon 97%, Authentication 2%,
Malware 1%, Suspicious Activity 0%, Policy 0%, System 0%.]

3.3. VPN Access Failed Login

[Figure: VPN failed logins by username. Usernames in the chart legend:
Helder dos Santos, gildon.ribeiro, Hernani Santos, Gilson Ribeiro,
Lucas Sousa, Vicente Manuel, N/A, russola.moreira@bodiva.ao, INFOTECH,
Esmael Afonso. Per-user counts are not legible in this extraction.]

3.4. VPN Access Successful Login By Username

[Figure: VPN successful logins by username. Gilson Ribeiro 37%,
Esmael Afonso 16%, Lucas Sousa 5%, Vicente Manuel 5%, N/A 5%,
russola.moreira@bodiva.ao 5%, INFOTECH 5%. The remaining slices (5%, 5% and
11%) belong to Helder dos Santos, gildon.ribeiro and Hernani Santos, but their
assignment is not legible in this extraction.]

3.5. Domain Account Management Events

[Figure: domain account management events by type. Password Change Succeeded
100%; the legend also lists User Account Changed and User Account Removed.]

LogSource                   | Made By     | Target         | Action                    | Time

WindowsAuthServer @ SRVDC02 | N/A         | VCSAHP$        | Password Change Succeeded | Apr 26, 2024, 6:16:33 PM
WindowsAuthServer @ SRVDC02 | helder.soares | helder.soares | Password Change Succeeded | Apr 26, 2024, 2:02:39 PM
WindowsAuthServer @ SRVDC02 | adminRadius | nelmo.sebastiao | Password Change Succeeded | Apr 25, 2024, 6:11:38 PM
WindowsAuthServer @ SRVDC02 | adminRadius | lucas.sousa    | Password Change Succeeded | Apr 25, 2024, 3:51:38 PM
WindowsAuthServer @ SRVDC02 | admin09     | admin09        | Password Change Succeeded | Apr 25, 2024, 8:50:08 AM
WindowsAuthServer @ SRVDC02 | admin09     | admin09        | Password Change Succeeded | Apr 25, 2024, 8:49:44 AM
WindowsAuthServer @ SRVDC02 | admin6      | DN-T-10$       | Password Change Succeeded | Apr 24, 2024, 12:02:07 PM
WindowsAuthServer @ SRVDC02 | admin6      | GVMS-D-02$     | Password Change Succeeded | Apr 24, 2024, 11:23:31 AM
WindowsAuthServer @ SRVDC02 | admin6      | DJUR-T-06$     | Password Change Succeeded | Apr 22, 2024, 2:46:04 PM
WindowsAuthServer @ SRVDC02 | admin6      | DDM-D-01$      | Password Change Succeeded | Apr 22, 2024, 10:45:22 AM
WindowsAuthServer @ SRVDC02 | admin02     | DN-D-01$       | Password Change Succeeded | Apr 22, 2024, 9:56:34 AM
WindowsAuthServer @ SRVDC02 | adminRadius | admin6         | Password Change Succeeded | Apr 22, 2024, 9:36:40 AM

3.6. Failed Login By Geographic Country

[Figure: failed logins by country; only Angola is shown.]

Country | Source IP     | Destination IP | Port | Users       | Count
Angola  | 154.127.164.9 | 192.168.20.40  | 443  | Multiple(2) | 8

3.7. Recon Activity by Country

Canada 355

Australia 362

Switzerland 484

Germany 549

Seychelles 564

Mongolia 640

South-Korea 696

UnitedKingdom 859

RussianFederation 868

Spain 1594

China 1735

Bulgaria 3512

Other 8386

UnitedStates 1263


3.8 Out Of Working Hours

[Figure: events outside working hours, by account. Bar values read from the
chart: 143877, 110846, 23768, 22929, 8021, 1939, 1013, 406, 331, 430, 231,
155, 131. The account labels on the horizontal axis are not legible in this
extraction.]

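As an added illustration of how the per-account counts in the chart above are produced (example code written for this page, not the SOC team's own tooling), the script below parses constructed Windows authentication events and counts, per account, those that fall outside an assumed Monday to Friday, 08:00 to 18:00 working window, which the report itself does not define. The account names reuse ones that appear elsewhere in this report; svc_sync$ and every timestamp are constructed.

```python
from collections import Counter
from datetime import datetime, time

# Constructed sample of authentication events (not taken from the report):
# one event per line, "timestamp|account|event".
SAMPLE_EVENTS = """\
2024-04-22T09:36:40|adminRadius|PasswordChangeSucceeded
2024-04-22T22:15:03|admin6|LogonSuccess
2024-04-23T03:40:12|svc_sync$|LogonSuccess
2024-04-23T03:41:12|svc_sync$|LogonSuccess
2024-04-24T12:02:07|admin6|PasswordChangeSucceeded
2024-04-27T10:00:00|lucas.sousa|LogonSuccess
2024-04-28T19:05:44|admin09|LogonFailure
"""

# Assumed working-hours window (the report does not state one): Mon-Fri, 08:00-18:00.
WORK_START = time(8, 0)
WORK_END = time(18, 0)
WEEKEND = {5, 6}  # Saturday, Sunday in datetime.weekday() numbering


def is_out_of_hours(ts: datetime) -> bool:
    """True when the timestamp falls on a weekend or outside the working window."""
    if ts.weekday() in WEEKEND:
        return True
    return not (WORK_START <= ts.time() < WORK_END)


def parse_events(text: str):
    """Yield (timestamp, account, event) tuples from pipe-delimited lines."""
    for line in text.splitlines():
        if not line.strip():
            continue  # skip blank lines
        ts, account, event = line.split("|", 2)
        yield datetime.fromisoformat(ts), account, event


def out_of_hours_counts(text: str) -> dict:
    """Count out-of-hours events per account, highest count first."""
    counts = Counter(acct for ts, acct, _ in parse_events(text) if is_out_of_hours(ts))
    return dict(counts.most_common())


if __name__ == "__main__":
    for account, n in out_of_hours_counts(SAMPLE_EVENTS).items():
        print(f"{account:<16} {n}")
```

Machine accounts (names ending in `$`) and service accounts will usually dominate such a chart, as they do here, so a follow-up review normally separates them from interactive user accounts before ranking.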
4. Pending/Closed Tickets

During the week from the 22nd to the 28th, 3 tickets were reported, 2 of which
were closed and 1 remains open.

[Figure 2: Ticket Pending and Closed. Open Tickets 3, Solved and Closed
Tickets 2, Pending Tickets 1.]

Figure 2 shows the number of tickets opened and solved.

5. Conclusions and Recommendations

Here are some recommendations and conclusions to consider:

1. Risk Assessment: Begin by conducting a thorough risk assessment to identify
potential vulnerabilities and threats to your business. This should cover
areas such as data breaches, cyberattacks, physical security, and compliance
with regulations.

2. Implement Strong Security Policies: Develop and enforce comprehensive
security policies that address areas such as access control, data encryption,
password management, and incident response. Regularly review and update these
policies to stay ahead of emerging threats.
3. Employee Training: Provide regular training to employees on security best
practices, such as identifying phishing attempts, using secure passwords, and
handling sensitive information. Human error is a common cause of security
breaches, so educating your staff is critical.

4. Use of Technology: Invest in reliable cybersecurity technology such as
firewalls, antivirus software, intrusion detection systems, and encryption
tools. Regularly update and patch these systems to protect against the latest
threats.

5. Backup and Recovery: Implement a robust backup and recovery plan to ensure
that critical data can be restored in the event of a cyber incident or
disaster. Test your backup systems regularly to verify their effectiveness.

6. Third-Party Risk Management: If your business relies on third-party vendors
or partners, ensure they adhere to stringent security standards. Conduct
regular assessments of their security practices and require them to comply
with your security policies.

In conclusion, securing your business requires a holistic approach that
combines technological solutions, employee training, risk management, and
compliance measures. By proactively addressing security threats, you can
protect your business's assets, reputation, and customer trust.
