Investigate Overview
Learn more at Stellar Cyber Academy.
The following link takes you to a course on the Stellar Cyber Academy technical training portal where you can learn more about this topic by watching the suggested lessons.
Familiarize yourself with the main features and layout of the Stellar Cyber Platform UI, focusing on essential tools for security investigations. Understand how to navigate and leverage views such as Case Management and Threat Hunting to streamline your analysis workflow.
Learn to use Case views, including the Top Cases, Case Table, and Kill Chain views, to prioritize and manage investigations. Explore how Stellar Cyber automatically correlates related events into cases, enhancing efficiency and providing a comprehensive picture for triaging high-risk incidents.
Watch a demonstration on interacting with cases in the Stellar Cyber UI. Learn to filter, sort, and explore cases, focusing on using the Top Cases view and other filtering options to facilitate investigation workflows.
See how to investigate a case using the UI tools in Stellar Cyber, including detailed analysis options and visualizations. Learn how to track the progression of an attack across different kill chain stages and use available resources to gain insights into security incidents.
Explore the Alerts view, learning how to filter, sort, and manage alerts within the Stellar Cyber Platform. Understand how machine learning drives alert generation and prioritization, and how to use these alerts to create custom Cases.
Review available views for managing alerts, including the Alerts Table and Threat Hunting view. Learn to leverage MITRE ATT&CK data and custom filtering options to enhance your threat investigation and tune alert settings for focused analysis.
Watch a demonstration on triaging and investigating alerts in different views, including the Kill Chain and Alerts Table views. See how to interact with alerts, apply filters, and conduct threat-hunting activities efficiently.
Discover techniques for using the Threat Hunting view to identify and investigate unknown threats in your network. Learn how to filter data by entity and behavior, and leverage visualizations to enhance threat detection and analysis.
Dive into the User Behavior and Asset Analytics tools in the Stellar Cyber UI to add context to your investigations. Understand how to assess user activity and analyze assets for behavioral anomalies to support threat detection.
Follow a demonstration on using behavioral analytics to monitor user activity and asset interactions. Learn to investigate unusual behavior patterns and leverage data insights to enhance security operations.
The first time you access a link on the portal during a session, you must log in to access content.
Stellar Cyber provides many different ways to investigate cyber threats. The topics in this section cover the primary tools for working with general Threat Hunting, and a selection of other views to slice into your data. Also refer to Getting Started topics and Response Actions.