The SOC master helps you compile reports from pre-downloaded CSV templates for some of the reports that a SOC analyst may need to compile and share with relevant stakeholders.
- Privileged access: Compile reports for successful privileged access, listing the username, source IP, destination IP, count and source hostname.
- Network logon: Captures all logon activities in the network (both successful and unsuccessful)
- Privileged operations: Compile reports for successful privileged operations performed, failed privileged operations and failed privileged operations within a short time
- Failed logon attempts on the domain controller
- Account management: New user accounts created, bad password entries, locked accounts, unlocked accounts, disabled and deleted accounts.
- Installed and uninstalled applications
- Windows successful logon sessions where the user was already logged on but their session was locked, and RDP connections made to a host that resulted in a successful login.
- VPN connections made to your network.
- URLs visited on the network.
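As an added example (not part of the project's own scripts), the two aggregations behind the privileged access report and the "failed privileged operations within a short time" report, run over a constructed CSV export; the column names and the use of Windows event IDs 4672 (special privileges assigned to new logon) and 4673/4674 (privileged service or object access) are assumptions, not the project's template.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export; column names are an assumption, not the project's template.
SAMPLE_CSV = """TimeCreated,EventID,Account,SourceIP,DestIP,SourceHost,Status
2024-03-01T08:00:01,4672,alice,10.0.0.5,10.0.0.20,WS-ALICE,Success
2024-03-01T08:05:10,4672,alice,10.0.0.5,10.0.0.20,WS-ALICE,Success
2024-03-01T08:06:00,4672,bob,10.0.0.7,10.0.0.21,WS-BOB,Success
2024-03-01T09:00:00,4674,bob,10.0.0.7,10.0.0.21,WS-BOB,Failure
2024-03-01T09:00:20,4674,bob,10.0.0.7,10.0.0.21,WS-BOB,Failure
2024-03-01T09:00:45,4674,bob,10.0.0.7,10.0.0.21,WS-BOB,Failure
2024-03-01T11:30:00,4674,alice,10.0.0.5,10.0.0.20,WS-ALICE,Failure
"""


def load_rows(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def privileged_access_report(rows):
    """Successful privileged logons (4672) grouped by username, source IP,
    destination IP and source hostname, with a count per group."""
    return dict(Counter(
        (r["Account"], r["SourceIP"], r["DestIP"], r["SourceHost"])
        for r in rows if r["EventID"] == "4672" and r["Status"] == "Success"
    ))


def failed_privileged_bursts(rows, window=timedelta(seconds=60), threshold=3):
    """Accounts with at least `threshold` failed privileged operations (4673/4674)
    inside one sliding `window`; returns {account: largest burst size}."""
    by_account = {}
    for r in rows:
        if r["EventID"] in ("4673", "4674") and r["Status"] == "Failure":
            ts = datetime.fromisoformat(r["TimeCreated"])
            by_account.setdefault(r["Account"], []).append(ts)
    flagged = {}
    for account, times in by_account.items():
        times.sort()
        for i, start in enumerate(times):
            # count failures in [start, start + window]
            n = sum(1 for t in times[i:] if t - start <= window)
            if n >= threshold:
                flagged[account] = max(flagged.get(account, 0), n)
    return flagged
```

Running `privileged_access_report(load_rows(SAMPLE_CSV))` gives the grouped counts that would populate the privileged access CSV, and `failed_privileged_bursts` flags only `bob`, whose three failures fall within one minute.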
Installation: Install this script by cloning the repository as shown below.
- Clone the repository:
  git clone git@github.com:kiiru4reals/the-soc-master.git
- Create a new directory called docs in the root directory of the repository:
  mkdir docs/
- Navigate to the daily_reports directory and make all scripts executable:
  cd daily_reports
  sudo chmod +x *.sh
- Run the start.sh file:
  ./start.sh
Contributions to this project are welcome! If you have improvements, bug fixes, or new features to suggest, please create a pull request or open an issue on the GitHub repository.