Analyst Journal @ 14 Oct 2008 06:22 pm by ayoi
Since becoming the head of a new unit in my department, I’ve noticed that most of the time my job has become less technical and more of a high-level kind of thingy. I attend meetings, devise a training series for the analysts, write reports (which I hate most) and, yeah, make presentation slides as well. But from time to time I do miss doing analysis: looking at the logs and alerts, reconstructing attackers’ activities from our logs and many other things. As I seldom touch my lappy at home due to the attention required by my children, especially the twins, I sometimes find it hard to cope with the workload. I know that I have this so-called designated assistant, whose employment I was the one to recommend, but recently I decided to move him back into the SOC. I believe he needs more knowledge, especially of our operations. Anyway, I don’t think I will recommend anyone else after this..
So I’ve decided to allocate some of my working time to looking at the logs and trying to find any interesting events that I deem useful and beneficial to share with you guys. Hence, I’ve added a new category called Analyst Journal. OK, I did copy the concept from the SANS Handler’s Diary, because it is useful in the sense of knowledge sharing, and I believe it can also help me brush up my analysis skills besides maintaining whatever knowledge and skills I have.
Anyway, if you encounter any interesting logs/events/incidents or any useful tools that can enhance our analysis skills, perhaps you can email me and we can share them here, besides reading the Handler’s Diary. But I guess most of the posts under this category will be based on whatever events I’m going to face later on.