Hi all,

I recently started working as a SOC Analyst and I am struggling with it. First of all, my expectations were that we would just be monitoring for any potential cyber threats and then acting accordingly. However, I just feel so overwhelmed, as we use at least four SIEM platforms, there's coding in KQL which I am not familiar with at all, and I am being told to make presentations on gathering data from the SIEM and then filtering out whether alerts were raised incorrectly or not. The issue is I don't have a clue, as I have never done this kind of work before.

I am an apprentice, but it's like they're showing me all this information and I just can't remember everything, and soon I will be doing exams, coursework, etc. On top of this, it's also like our SOC is acting like a sales department, as we have to have calls with clients and offer to protect their services as well. Idk, I'm just completely overwhelmed. I had the option to go to uni but chose against it, as I thought this would have been better with no student debt, etc., but now I am not so sure. Is it common for SOCs to be run like this and also to act like sales, offering services to clients? Does it get easier with time? The main tool we are using is Sentinel, so has anyone got any tips on how to get used to it?

Thanks

1 Comment

  • reds-3

    November 5, 2021

    If they hired you with the understanding that you didn’t know anything, they’re probably waiting for you to start asking questions.
