Security Operations: SOC, SIEM, SOAR and UEBA
Author: SecGuy
Uploaded: 2026-02-16
Views: 27
Description:
A firewall blocks traffic, but a SOC finds the enemy already inside. In this video, Sec Guy breaks down the Tiered SOC Model (Analysts vs. Hunters), explains the critical math of Detection Engineering (Precision vs. Recall), and shows how UEBA uses Machine Learning to catch the "Insider Threat" that traditional rules miss.
[Exam Ready Route - FREE]
Pass your certification for $0.
✅ Training Videos & Practice Tests
✅ Sec Guy Mobile Lab (On-the-go training powered by AI voice)
✅ Discord Access (Study sessions & Industry networking)
👉 Start Here: https://secguy.org
[Job Ready Route - MEMBERSHIP]
Stop studying and start working. Get the hands-on experience hiring managers are asking for.
🔥 Hands-On Labs: Python, Encryption, Hashing, AI, & CTFs
🔥 Salary Negotiator Workshop
🔥 Experience Builder: Real-world projects to fill your resume
👉 Get Hired: https://secguy.org
[Exam Domain Checklist]
This video covers critical objectives for the following exams:
Security+
[ ] Domain 4.1: Security Operations (SOC Roles, Playbooks, Runbooks)
[ ] Domain 4.2: Monitoring and Detection (SIEM, UEBA, SOAR)
[ ] Domain 2.3: Indicators of Malicious Activity (False Positives vs. True Positives)
CISSP
[ ] Domain 7: Security Operations (Logging and Monitoring Activities)
[ ] Domain 1: Security and Risk Management (Security Governance & Roles)
CISM
[ ] Domain 4: Information Security Incident Management (Incident Response Capabilities)
CRISC
[ ] Domain 4: Risk and Control Monitoring (Key Performance Indicators - KPI/KRI)
CCSP
[ ] Domain 5: Cloud Security Operations (Cloud Logging & Monitoring)
SecurityX (CompTIA)
[ ] Domain 3.0: Security Operations (Threat Detection Engineering & Detection as Code)
GIAC GSEC (SANS)
[ ] Incident Handling & Response: SIEM & Log Analysis
AWS CSS (Certified Security – Specialty)
[ ] Domain 4: Incident Response (Centralized Logging with CloudWatch & Security Hub)
Pentest+ (CompTIA)
[ ] Domain 5: Reporting and Communication (Avoiding Detection by SOC)
CEH (Certified Ethical Hacker)
[ ] Domain 1: Information Security Overview (SOC Functions & SIEM Concepts)
SecAI+
[ ] AI Security: Using AI for Anomaly Detection (UEBA) vs. Traditional Rules
[Timestamps]
0:00 - Intro: Manning the Watchtowers
0:25 - The Tiered SOC Model: Tier 1 (Triage), Tier 2 (IR), Tier 3 (Hunters)
1:00 - Detection Engineering: Precision (Quality) vs. Recall (Quantity)
1:40 - UEBA (User & Entity Behavior Analytics): Catching the Insider
2:20 - The SIEM Pipeline: Collection, Normalization, Correlation
3:00 - Cloud Architecture: Security Data Lake vs. SIEM Cost
3:30 - Detection as Code: Git-based Rules & Version Control
3:50 - SOAR (Security Orchestration, Automation, and Response)
4:15 - Summary: Data is Noise until it's Actionable
4:35 - Outro: Stay Safe, Stay Secure.