SOC Update (16-20 March 2020)
Progress / Completed Projects & Tasks
- Akamai WAF IP Reputation Module
  - Secondary meeting with infra web team to discuss his findings and concerns.
  - Need to answer question about super-NATted ISP in Indonesia.
  - Crafted General Notification notice for stakeholders regarding the upcoming feature enabling.
  - FAQ and Project Documentation updates released.
- AWS Centralised Security Logging Project
  - Final discussion held with infra team to move forward with implementation.
- Linux Hardening Golden AMI tools
- Detection Engineering and Threat Hunting Labs
Plan / Work in progress
- SIEMonster Sec Prod Roll-out on AWS
  - Pre-installation requisites have been met. Call to initiate production roll-out of SIEM scheduled for this week.
- Akamai WAF IP Reputation Module
  - Need to answer question about super-NATted ISP in Indonesia.
- Onboard tvlk-dev and tvlk-data AWS accounts to SAML (on-going)
- Incident Playbooks and SOPs in the works.
- Linux Hardening Golden AMI tools
  - Helping Ravi finalise the Ubuntu Hardening Standard Doc and the hardening scripts accordingly.
  - Exploring tools to provide actionable, scriptable hardening.
  - Project page
Roadblocks / Problems
None
Notable Incidents
SOC-113 Possible Database dump posted in Twitter
Incident RCA: https://drive.google.com/open?id=1qc8T6lYN46qeHo-BSntR9Na__gbB2fFi
Status: Closed. False claim. The DB schema was not recognised by any team. The reporter ("hacker") has been persuaded to remove the posts from Twitter and Facebook and instead report to us responsibly via BugCrowd. No report was submitted.
https://29022131.atlassian.net/browse/SOC-113