Sooty SOC Analyst tool 101


The SOC Analyst's all-in-one tool to automate and speed up workflow
Sooty SOC Analyst tool

Tools are essential for SOC (Security Operations Center) analysts because they enable them to detect, analyze, and respond to security threats quickly and effectively. By leveraging the appropriate tools, SOC analysts can reduce the time to detect and respond to threats, minimize the impact of security incidents, and improve the overall security posture of their organization.

Sooty is a Python-based CLI tool that automates routine SOC analyst tasks so the analyst can spend more time on the deeper parts of an investigation. Its integrations and features, such as URL sanitizing, decoders and reputation checks, allow the analyst to investigate from a single CLI interface.


Components of Sooty | SOC Analyst tool

As a multi-purpose SOC analyst tool, it has multiple integrations, listed below:


The SOC Analyst's all-in-one tool to automate and speed up workflow
Components of Sooty

Installation:

Here are the simple installation steps for Sooty


The SOC Analyst's all-in-one tool to automate and speed up workflow
Downloading & Installation
  • Navigate to the directory and execute the requirement[.]txt

[Image: Installing Requirements]
  • Run Sooty.py and follow the prompts to complete the execution

[Image: Sooty]

URL Sanitizing Tool:

URL sanitizing is an important technique used by SOC analysts to clean up and defang a URL so that it is safe to share (it cannot be clicked by accident) and easier to read. The sanitized URL can later be used as an attachment for further investigation and confirmation.


Enter the URL which needs to be sanitized and press Enter to observe the result.

[Image: URL Sanitizing]
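The defanging step described above, as an added example that is not Sooty's own code: the scheme http(s) becomes hxxp(s) and every dot becomes [.], so the indicator is not auto-linked by mail clients or ticketing systems. The sample URLs are constructed, and the function first refangs its input so that a URL which is already sanitized is not mangled a second time.

```python
import re

# Constructed sample inputs (not taken from the original post).
SAMPLE_URLS = [
    "http://example.com/login.php?id=1",
    "https://sub.example.org/path/file.exe",
    "hxxps://already[.]defanged[.]net/x",   # already sanitized once
]


def refang_url(url: str) -> str:
    """Reverse the defanging so the indicator can be fed to a lookup tool.

    Accepts both the [.] and (.) dot conventions and the hxxp(s) scheme.
    """
    url = url.strip()
    url = re.sub(r"^hxxps://", "https://", url, flags=re.IGNORECASE)
    url = re.sub(r"^hxxp://", "http://", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("(.)", ".")


def sanitize_url(url: str) -> str:
    """Defang a URL so it cannot be clicked or auto-linked.

    Normalising through refang_url() first makes the function idempotent:
    a second pass does not produce "[[.]]" or "hxxxp".
    """
    url = refang_url(url)
    url = re.sub(r"^https://", "hxxps://", url, flags=re.IGNORECASE)
    url = re.sub(r"^http://", "hxxp://", url, flags=re.IGNORECASE)
    return url.replace(".", "[.]")


def sanitize_many(urls):
    """Sanitize a batch of indicators, e.g. all URLs pulled from one alert."""
    return [sanitize_url(u) for u in urls]


if __name__ == "__main__":
    for original, safe in zip(SAMPLE_URLS, sanitize_many(SAMPLE_URLS)):
        print(f"{original:45} -> {safe}")
```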

Decoders:

Decoders are generally used by SOC analysts to reverse the encoding or encryption applied to data. Sooty includes multiple decoding options, listed below.

  • ProofPoint Decoder

  • URL Decoder

  • Office Safelinks Decoder

  • URL Unshortener

  • Base 64 Decoder

  • Cisco Password 7 Decoder

  • Unfurl URL

Enter the encoded URL or string which needs to be decoded and press Enter to observe the result.

[Image: Decoders]

Reputation Checker:

A reputation checker is a tool or service used by SOC analysts to assess the reputation of a website, domain, or IP address based on its history of activity and behavior on the internet. It is the most commonly used tool in their day-to-day investigation work.


Enter the IP, URL or email address which needs to be checked and press Enter to observe the result.

[Image: Reputation Checker]

DNS Tools:

DNS checking tools are particularly important for SOC analysts, as they help investigate and identify various security threats. Sooty includes multiple DNS tool options, listed below.

  • Reverse DNS Lookup

  • DNS Lookup

  • WhoIs Lookup

Enter the IP which needs to be checked and press Enter to observe the result.

[Image: DNS Tools]

Hashing Functions:

Hashing is widely used by SOC analysts for a variety of purposes, such as verifying data integrity, storing passwords, and checking a hash for known malicious activity. Sooty includes multiple hashing functions, listed below.

  • Hash a File

  • Hash a Text Input

  • Check a hash for known malicious activity

  • Hash a file and check for known malicious activity

Enter the text which needs to be hashed, or enter the hash to check it for known malicious activity.

[Image: Hashing Functions]

Thank you for taking the time to read this blog post, and I hope that it has been helpful to you. I'd love to hear your thoughts, so please comment below and let me know your thoughts!

Cyber Tech Group

Reference:

https://github.com/TheresAFewConors/Sooty
