Hi all,
I recently started working as a SOC Analyst and I am struggling with it. First of all, my expectation was that we would just be monitoring for any potential cyber threats and then acting accordingly. However, I just feel so overwhelmed, as we use at least four SIEM platforms; there's coding in KQL, which I am not familiar with at all; and I am being told to make presentations on gathering data from the SIEM and then filtering out whether alerts were raised incorrectly or not. The issue is I don't have a clue, as I have never done this kind of work before.
I am an apprentice, but it's like they're showing me all this information and I just can't remember everything, and soon I will be doing exams, coursework, etc. On top of this, it's also like our SOC is acting like a sales department, as we have to have calls with clients and offer to protect their services as well. I don't know, I'm just completely overwhelmed. I had the option to go to uni but chose against it, as I thought this would have been better with no student debt, etc., but now I am not so sure. Is it common for SOCs to be run like this, and also to act like sales, offering services to clients? Does it get easier with time? The main tool we are using is Sentinel, so has anyone got any tips on how to get used to it?