From 74c0aaafcfee02e0797f43be54ff62df3a698f66 Mon Sep 17 00:00:00 2001
From: Matthew Iverson
Date: Sat, 30 Nov 2024 00:52:43 -0500
Subject: [PATCH] Upload files to "Modules/Knowledge/SOC"
---
 .../SOC/cybersecurity_business_perspective.py | 29 +++++++++++++++
 .../Knowledge/SOC/security_best_practices.py | 27 ++++++++++++++
 Modules/Knowledge/SOC/soc.py | 36 +++++++++++++++++++
 Modules/Knowledge/SOC/soc_insight.py | 29 +++++++++++++++
 .../Knowledge/SOC/threat_detection_trends.py | 35 ++++++++++++++++++
 5 files changed, 156 insertions(+)
 create mode 100644 Modules/Knowledge/SOC/cybersecurity_business_perspective.py
 create mode 100644 Modules/Knowledge/SOC/security_best_practices.py
 create mode 100644 Modules/Knowledge/SOC/soc.py
 create mode 100644 Modules/Knowledge/SOC/soc_insight.py
 create mode 100644 Modules/Knowledge/SOC/threat_detection_trends.py
diff --git a/Modules/Knowledge/SOC/cybersecurity_business_perspective.py b/Modules/Knowledge/SOC/cybersecurity_business_perspective.py
new file mode 100644
index 0000000..0682d35
--- /dev/null
+++ b/Modules/Knowledge/SOC/cybersecurity_business_perspective.py
@@ -0,0 +1,29 @@
+def get_content():
+ """
+ Returns structured content focusing on cybersecurity as a business decision.
+ """
+ return [
+ {
+ "title": "Cybersecurity as a Business Decision",
+ "content": """
+- Seen more as a cost than an investment.
+- Enables business functions but is often treated as separate from business infrastructure.
+ """
+ },
+ {
+ "title": "The Reality of Security Analysts",
+ "content": """
+- Shortage of skilled professionals.
+- High burnout rates in L1 SOC analyst roles.
+- Overwhelmed by data, tools, and lack of actionable insights.
+ """
+ },
+ {
+ "title": "Autonomous SOC Expectations",
+ "content": """
+- Fully autonomous SOCs are unrealistic.
+- SOC analysts need creativity to solve problems and handle manual tasks effectively.
+- Agile/DevOps approaches are being implemented in 84% of organizations to improve processes.
+ """
+ }
+ ]
diff --git a/Modules/Knowledge/SOC/security_best_practices.py b/Modules/Knowledge/SOC/security_best_practices.py
new file mode 100644
index 0000000..32a8191
--- /dev/null
+++ b/Modules/Knowledge/SOC/security_best_practices.py
@@ -0,0 +1,27 @@
+def get_content():
+ """
+ Returns structured content for general security best practices.
+ """
+ return [
+ {
+ "title": "Endpoint Security",
+ "content": """
+- Application allow lists to prevent unauthorized execution.
+- Multi-factor authentication for critical accounts.
+ """
+ },
+ {
+ "title": "Network Security",
+ "content": """
+- Default deny for outbound traffic.
+- Monitor SMB and other protocols for misuse.
+ """
+ },
+ {
+ "title": "Incident Response",
+ "content": """
+- First steps: Verify the incident and scope its impact.
+- Root cause analysis to prevent recurrence.
+ """
+ }
+ ]
diff --git a/Modules/Knowledge/SOC/soc.py b/Modules/Knowledge/SOC/soc.py
new file mode 100644
index 0000000..816c793
--- /dev/null
+++ b/Modules/Knowledge/SOC/soc.py
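Review bot: The "Autonomous SOC Expectations" section states a statistic, `84% of organizations`, with no source or date, and a knowledge module presents it to readers as fact; the line should carry its attribution, e.g. `- Agile/DevOps approaches are being implemented in 84% of organizations to improve processes (source: <talk or report>, <year>).`, or the `get_content` docstring should say which talk these notes were taken from so a maintainer can re-verify them. The same docstring currently says only "Returns structured content"; every item in the returned list has the shape `{"title": str, "content": str}`, so `-> list[dict[str, str]]` plus one sentence naming the two keys would document the contract consumers depend on without changing behaviour. The module has no module-level docstring either, which is where the provenance of the whole file would normally go.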
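Review bot: `- Default deny for outbound traffic.` in the "Network Security" section omits the caveat a practitioner needs: default-deny egress only works with an explicit allowlist for the outbound flows the environment requires (DNS, update and patch sources, the web proxy) and with logging of the denied connections, otherwise it either breaks services or yields no detection value; suggest `- Default deny for outbound traffic, with an explicit egress allowlist and logging of denied connections.`. Likewise `- First steps: Verify the incident and scope its impact.` in "Incident Response" could add that evidence (logs, memory, disk images) is preserved before containment actions change system state. The code itself is a plain data literal; as in the sibling modules, a `-> list[dict[str, str]]` annotation and a docstring naming the `title`/`content` keys would document the shape callers rely on.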
@@ -0,0 +1,36 @@
+def get_content():
+ """
+ Returns structured content for SOC transformation and modern practices.
+ """
+ return [
+ {
+ "title": "Building a Sustainable SOC",
+ "content": """
+- Move away from traditional L1, L2, L3 structures to reduce burnout.
+- Enable junior analysts to manage their own incidents with mentoring.
+- Focus on creating detection engineers and platform service teams:
+ - Detection Engineers:
+ - Investigate, triage, respond.
+ - Detection and automation creation.
+ - Platform Service:
+ - SIEM architecture, playbook development.
+ - Integration and data pipeline management.
+ """
+ },
+ {
+ "title": "Iterative Improvement",
+ "content": """
+- Prioritize actionable improvements and document processes.
+- Understand the detection surface to focus on high-value areas.
+- Collaborative outsourcing and detection engineering are key.
+ """
+ },
+ {
+ "title": "Key Takeaways",
+ "content": """
+1. Build systems to support emerging practitioners.
+2. Maintain relentless focus on the mission.
+3. Prioritize actionable and iterative improvements.
+ """
+ }
+ ]
diff --git a/Modules/Knowledge/SOC/soc_insight.py b/Modules/Knowledge/SOC/soc_insight.py
new file mode 100644
index 0000000..295b52f
--- /dev/null
+++ b/Modules/Knowledge/SOC/soc_insight.py
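Review bot: The nested bullets in the "Building a Sustainable SOC" content (`- Detection Engineers:`, `- Investigate, triage, respond.`, `- Platform Service:`, …) express hierarchy purely through leading whitespace inside a triple-quoted string, and because the literal is indented with the surrounding code that whitespace is relative to the source indentation rather than to the bullet text, so whatever renders this content receives the file's indentation as part of the data; the collapsed diff does not show the exact spacing, so this is worth checking against the file on disk. Wrapping each literal in `textwrap.dedent(...)` (stdlib) or keeping the nested bullets at a fixed two-space indent from column 0 would make the hierarchy deterministic, and the same pattern appears in the other four modules in this commit. The docstring could also state the schema, e.g. `Returns a list of {"title": str, "content": str} sections.` with a `-> list[dict[str, str]]` annotation, since all five SOC modules share that shape. `- Collaborative outsourcing and detection engineering are key.` is vague as written — it does not say what is outsourced or to whom — and would read better with the one clause from the talk that explained it.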
@@ -0,0 +1,29 @@
+def get_content():
+ """
+ Returns structured content from keynote speakers and their insights.
+ """
+ return [
+ {
+ "title": "Allie Mellen's Insights",
+ "content": """
+- Works at Forester, MIT, Fortune 500 CISO, and as a principal analyst.
+- Focus areas:
+ - Security operations, detection and response engineering.
+ - Research on nation-state threats.
+- Key Thoughts:
+ - Autonomous SOCs are unrealistic; manual work is inevitable.
+ - SOC analysts must develop creative solutions to adapt.
+ """
+ },
+ {
+ "title": "Eli Short's Insights",
+ "content": """
+- Issues in Rule Management:
+ - Most rules are outdated or unused after a few years.
+ - Organizations fail to track and optimize rule usage.
+- Recommendations:
+ - Adopt threat-informed defense strategies.
+ - Ensure realistic expectations based on available logs and data.
+ """
+ }
+ ]
diff --git a/Modules/Knowledge/SOC/threat_detection_trends.py b/Modules/Knowledge/SOC/threat_detection_trends.py
new file mode 100644
index 0000000..9f79622
--- /dev/null
+++ b/Modules/Knowledge/SOC/threat_detection_trends.py
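Review bot: `- Works at Forester, MIT, Fortune 500 CISO, and as a principal analyst.` looks like a typo for the analyst firm "Forrester" and reads as though all four are concurrent roles; if these are past and present affiliations the line should say which is current (confirm against the talk rather than guessing), e.g. `- Background: Forrester principal analyst; <prior roles as stated in the talk>.`. Attribution matters more in this file than in its siblings because the content is presented as named individuals' opinions, so the `get_content` docstring should record the event and date these notes came from; right now it says only that it returns "structured content from keynote speakers". Minor: the returned shape is `list[dict[str, str]]`, which could be annotated for consistency with the other SOC modules.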
@@ -0,0 +1,35 @@
+def get_content():
+ """
+ Returns structured content for threat detection trends and sector-specific insights.
+ """
+ return [
+ {
+ "title": "Top Threat Detection Trends",
+ "content": """
+- Top 20 techniques are common across all industries.
+- Most attacks target 10% of T-Codes.
+- Detection challenges:
+ - Volume of detections.
+ - Technique variance and persistence.
+ """
+ },
+ {
+ "title": "Industry-Specific Insights",
+ "content": """
+- **Education**: Email forwarding/hiding rules account for 55% of detections.
+- **Manufacturing**: Biggest issue is removable media.
+- **Finance & Insurance**: HTML smuggling and distributed component object model attacks.
+- **Information Sector**: Unix-based issues, heavy use of Docker, cloud, and servers.
+- **Healthcare**: Cron jobs and Unix shell are common targets.
+ """
+ },
+ {
+ "title": "Threat Mitigation Focus",
+ "content": """
+- Focus on hygiene, configuration, data, and systems.
+- Techniques most affected:
+ - Powershell, registry modification, malicious files, cmd usage.
+ - Tool transfers, email hiding, and system utility renaming.
+ """
+ }
+ ]
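Review bot: `- Most attacks target 10% of T-Codes.` uses an abbreviation nothing else in the corpus defines; if this means MITRE ATT&CK technique IDs it should say so, e.g. `- Most attacks use roughly 10% of ATT&CK technique IDs (T-codes).`, and `- Top 20 techniques are common across all industries.` in the same section should likewise name the framework. The percentages (`10%`, `55%`) and the per-sector findings are given without a source or reporting period; since the file is named "trends", a year and source in the `get_content` docstring would stop them being read as current indefinitely. Minor wording: `Powershell` is normally written `PowerShell`, and "distributed component object model" is usually abbreviated DCOM after first use. As with the sibling modules, a `-> list[dict[str, str]]` annotation would document the returned shape.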