top of page
Writer's pictureHarisuthan

Sooty SOC Analyst tool 101


The SOC Analyst's all-in-one tool to automate and speed up workflow
Sooty SOC Analyst tool

Tools are essential for SOC (Security Operations Center) analysts because they enable them to detect, analyze, and respond to security threats quickly and effectively. By leveraging the appropriate tools, SOC analysts can reduce the time to detect and respond to threats, minimize the impact of security incidents, and improve the overall security posture of their organization.

Call for community volunteers


Sooty, a python based automated SOC analyst CLI tool which typically allowing the analyst to spend more time deeper to their investigations. based on its integration and features like URL sanitizing, decoders, reputation check etc., helps to investigate in an single CLI interface,


Components of Sooty | SOC Analyst tool

As a multiple purpose SOC analyst it has multiple integration listed below:


The SOC Analyst's all-in-one tool to automate and speed up workflow
Components of Sooty

Installation:

Here are the simple installation steps for Sooty


The SOC Analyst's all-in-one tool to automate and speed up workflow
Downloading & Installation
  • Navigate to the directory and execute the requirement[.]txt

The SOC Analyst's all-in-one tool to automate and speed up workflow
The SOC Analyst's all-in-one tool to automate and speed up workflow
Installing Requirements
  • Run the sooty[.]py and follow the prompts to complete the execution

The SOC Analyst's all-in-one tool to automate and speed up workflow
Sooty

URL Sanitizing Tool:

URL sanitizing is an important technique used by the SOC analyst to cleaning up and standardizing a URL to make it safe and more user-friendly. the sanitized URL can be later used as an attachments for further investigations and confirmation.


Enter the URL which needs to be sanitized and press enter to observe the result

The SOC Analyst's all-in-one tool to automate and speed up workflow
URL Sanitizing

Decoders:

Decoders are generally used by the SOC analyst to reverse the encoding or encryption process of data. Sooty includes multiple decoding options listed below.

  • ProofPoint Decoder

  • URL Decoder

  • Office Safelinks Decoder

  • URL Unshortener

  • Base 64 Decoder

  • Cisco Password 7 Decoder

  • Unfurl UR

Enter the encoded URL/Strings which needs to be decoded and press enter to observe the result

The SOC Analyst's all-in-one tool to automate and speed up workflow
Decoders

Reputation Checker:

A reputation checker is a tool or service that is used by the SOC analyst to assess the reputation of a website, domain, or IP address based on its history of activity and behavior on the internet. It is the most commonly used tool in there day to day activity for investigation.


Enter the IP/URL/Email which needs to be checked and press enter to observe the result

The SOC Analyst's all-in-one tool to automate and speed up workflow
Reputation Checker:

DNS Tools:

DNS checking tools are particularly important for SOC analysts as they can help at investigate and determines various security threats. Sooty includes multiple DNS tool options listed below.

  • Reverse DNS Lookup

  • DNS Lookup

  • WhoIs Lookup

Enter the IP which needs to be checked and press enter to observe the result

Sooty
DNS Tools

Hashing Functions:

Hashing is widely used by SOC analysts for a variety of purposes, such as data integrity, password storage, and checking the hash for know malicious activity. Sooty includes multiple hashing functions listed below.

  • Hash a File

  • Hash a Text Input

  • Check a hash for known malicious activity

  • Hash a file and check for known malicious activity

Enter the txt which needs to be hashed or enter the hash for known malicious activity.

Sooty
Hashing Functions

Thank you for taking the time to read this blog post, and I hope that it has been helpful to you. I'd love to hear your thoughts, so please comment below and let me know your thoughts!

Cyber Tech Group

Reference:

https://github.com/TheresAFewConors/Sooty

385 views0 comments

Recent Posts

See All

Comments


bottom of page