NormShield Blog

Threat Hunting For SOC Analysts-Meetup

Threat Hunting Meetup

Threat Hunting & SOC Analyst: The Security Operations Center (SOC) is the focal point for defending against cyber incidents, monitoring security, and protecting the assets of the enterprise network and its endpoints. Threat hunters are responsible for enterprise situational awareness and continuous surveillance, including monitoring traffic, blocking unwanted traffic to and from the Internet, and detecting any type of attack. Point-solution security technologies are only the starting point for hardening the network against intrusion attempts.

This meetup series aims to give professionals greater industry recognition as threat hunters, incident handlers, risk administrators, SOC analysts, forensic investigators, and similar roles.

Threat Hunting Learning Context

  • Log Analysis Toolset: cut, awk, grep, ngrep, less, head, more, sed, tshark
  • Log Analysis and Python
  • Log Forensics
  • Web Application Log Analysis: Apache & IIS Log Forensics
  • Kernel Audit Log and Windows Event Logs
  • Network Forensics and Packet Analysis
  • In-depth Wireshark and tshark
  • Real time packet sniffing, analytics and filtering
  • DoS/DDoS tracing and identification
  • Session reconstruction and reverse capturing
  • Windows Forensics
  • Linux Forensics
  • In-depth Exploit forensics
  • Data Leakage Investigation and Threat Intelligence
  • DNS / DHCP Log Analysis
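The following is an added example, not material from the original post or from NormShield: it shows the command-line toolset from the first bullet (awk, grep, sed, cut-style field handling, sort, uniq) applied to the Apache log forensics topic. The Apache combined-format log lines are constructed for this example, and the IP addresses are documentation ranges; the three triage questions (who produces the most errors, whose requests are almost all errors, and which request paths carry injection or traversal markers) are the ones a hunter would typically ask first.

```shell
#!/bin/sh
# Added example (not from the original post). Apache combined-log triage with
# plain POSIX tools. The log below is constructed for this example; field
# numbers refer to the default whitespace split of the combined format:
#   $1 client IP, $7 request path, $9 HTTP status.
LOG_DATA=$(cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "curl/7.88"
198.51.100.23 - - [10/Oct/2023:13:55:41 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "curl/7.88"
198.51.100.23 - - [10/Oct/2023:13:55:42 +0000] "GET /.env HTTP/1.1" 404 512 "-" "curl/7.88"
198.51.100.23 - - [10/Oct/2023:13:55:43 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "curl/7.88"
203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Oct/2023:13:56:10 +0000] "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1" 500 0 "-" "python-requests/2.31"
192.0.2.55 - - [10/Oct/2023:13:56:11 +0000] "GET /search?q=../../etc/passwd HTTP/1.1" 403 0 "-" "python-requests/2.31"
EOF
)

# Feed the constructed log to a pipeline; in real use replace this with
# "cat /var/log/apache2/access.log" (path assumed, adjust to your server).
log_lines() {
    printf '%s\n' "$LOG_DATA"
}

# Clients ranked by number of 4xx/5xx responses, most errors first.
# Output: "<ip> <count>".
top_error_clients() {
    log_lines \
        | awk '$9 ~ /^[45][0-9][0-9]$/ { print $1 }' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $2, $1 }'
}

# Error ratio per client. A client whose requests are almost all errors is
# usually a scanner probing for paths that do not exist, whereas a real user
# mixes a few errors into mostly successful requests.
# Output: "<ip> <errors>/<total>", sorted by IP.
error_ratio() {
    log_lines \
        | awk '{ total[$1]++ }
               $9 ~ /^[45][0-9][0-9]$/ { err[$1]++ }
               END { for (ip in total) printf "%s %d/%d\n", ip, err[ip], total[ip] }' \
        | sort
}

# Requests whose path carries classic injection, traversal or secret-file
# markers. The most common percent-escapes are decoded first so that
# "%27%20OR" and "' OR" are caught by the same pattern.
# Output: "<ip> <decoded path>".
suspicious_requests() {
    log_lines \
        | awk '{ print $1, $7 }' \
        | sed -e "s/%27/'/g" -e 's/%20/ /g' -e 's/%3D/=/g' \
        | grep -iE "(\.\./|' or |/\.env|/etc/passwd)"
}

echo "== clients by 4xx/5xx count ==";   top_error_clients
echo "== error ratio per client ==";     error_ratio
echo "== suspicious request paths =="; suspicious_requests
```

On the sample data the scanner at 198.51.100.23 tops the error list with a 4/4 ratio, the legitimate browser at 203.0.113.7 shows 0/2, and the three flagged paths are the `.env` probe, the decoded `' OR 1=1--` string and the `../../etc/passwd` traversal. The same pipelines work unchanged on a real access log once `log_lines` reads the file instead of the constructed data.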

Threat Hunting Requirements:

  • A laptop with 100 GB of free disk space, 8 GB of RAM, and VMware or VirtualBox installed. An SSD is strongly advised.
  • Make sure you have a good Linux distribution (Debian, Ubuntu, Kali Linux, etc.) installed on your host or on the VMware/VirtualBox platform. We will use the Linux box for analysis. You can use Windows or macOS as well if you know what you are doing. You can download Kali Linux (my favorite) at

Sign up here and let the next free training session begin…

Get your customized risk scorecard!

We’re also getting people started on their own free risk scorecards, identical to the version we use in our presentations. You can learn more about that here.