SOC Update (28 Sep - 02 Oct 2020)
Progress / Completed Projects & Tasks
- AWS log centralisation and alert integration to tvlk-sec-prod
- CloudConformity delivered to tvlk-sec-prod via SNS.
- AWS Athena partition module code for CloudTrail, VPC Flow logs in GitHub.
- Akamai WAF
Plan / Work in progress
- Akamai WAF
- OpenSource EDR tools + DLP related capabilities
  - Continue working on the deliverables in the SOC Interim DLP Strategy and tasks.
  - Deployment of Velociraptor in AWS tvlk-sec-prod (all Windows user end-points, 5k+).
- SIEMonster Sec Prod Roll-out on AWS
  - Continue working on integrating other relevant log sources:
    - Kaspersky AV logs.
    - Pulse Secure User VPN access.
- AWS log centralisation and alert integration to tvlk-sec-prod
  - VPC Flows, CloudConfig: ETA 10/30
- GCP Hardening and Visibility
  - Review the current GCP set-up, identify gaps, document and propose recommendations.
- Continue working with the tvlk-data team on the action items identified in the red-team assessment and post-mortems as needed.
  - SOC-180 20200812 Intrusion - Data Dump / 2020 Q2 Red-team attack.
  - Continue managing progress with the respective teams and the clean-up and hardening initiatives as needed.
- Container Security
- Threat Detection Engineering
  - Prioritise and publish Top 10 Windows Detection Rules following the T2-DARS Framework.
Roadblocks / Problems
None
Notable Incidents
SOC-189 20200929 Bot Web Scraping attack on www.traveloka.com
Status: Contained. Misconfiguration found, fix in progress.
https://29022131.atlassian.net/browse/SOC-189