• An Internship Report Presentation
• On SOC Analyst
• At Thakral One Nepal Pvt. Ltd.
Presented By: Alisha Karki (10059/19)
Supervised By: Er. Dhiraj Kumar Jha
Presentation Outline
• Organization Details / Position Held
• Literature Review
• Objectives
• Tools Used
• Activity Performed
• Current Trends / Research
• References
• Conclusion
• Appendix
Organization Details / Position Held
• Thakral One Nepal is a tech consulting & services company focused on core
business applications. The company works on Financial Services, Banking,
Telco, Government, Healthcare, and Consumer-oriented organizations. It is
located at Sano Gaucharan, Kathmandu, Nepal.
• Position Held: SOC Analyst Intern
• Mentor: Chitra Pun and Ishwor Shrestha
Literature Review
• Security information and event management (SIEM) is a security solution that helps
organizations recognize and address potential security threats and vulnerabilities. It
performs functions such as log management, event correlation, incident
monitoring and reporting.
• The benefit of a SIEM tool is that it streamlines real-time threat
recognition and supports efficient investigation of incidents. SIEM platforms have
begun converging with big data analytics tools through the integration of SOAR and
AI/ML.
• Best practice is to start SIEM solution development by adding only a few log
sources, such as central firewalls, intrusion detection and intrusion prevention systems,
and Active Directory domain controller security event logs.
• Log data often varies in format, structure, and verbosity across different sources,
posing challenges for correlation and analysis. Cybersecurity content developers
employ normalization techniques to standardize log formats, making them
consistent and interoperable within the SIEM environment. Additionally, they
enrich log data by appending contextual information, such as asset tags, user
attributes, and threat intelligence indicators, to enhance the visibility and relevance
of security events.
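As an added illustration of the normalization and enrichment step described above (example code written for this page, not Thakral One's own logic nor LogPoint's or QRadar's), the Python below maps two constructed log lines from different sources onto one field schema and then appends asset tags, user attributes and a threat-intelligence match. All hosts, addresses, users and indicators are constructed for the example.

```python
import re

# Constructed sample events (not real logs): a firewall syslog line and a
# Windows security event exported as key=value pairs.
RAW_EVENTS = [
    "Oct 12 10:14:03 fw01 kernel: DENY IN=eth0 SRC=203.0.113.9 DST=10.0.5.20 DPT=445",
    "EventID=4625 Computer=WS-FIN-07 TargetUserName=jdoe IpAddress=10.0.5.20 LogonType=3",
]

# Constructed enrichment sources: asset tags keyed by IP or hostname, user
# attributes, and a threat-intelligence list (TEST-NET address, not a real IoC).
ASSET_TAGS = {"10.0.5.20": "finance-workstation", "WS-FIN-07": "finance-workstation"}
USER_ATTRS = {"jdoe": {"department": "finance", "privileged": False}}
THREAT_INTEL = {"203.0.113.9": "scanner (constructed indicator)"}

FW_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) kernel: (?P<action>\w+) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dport>\d+)"
)


def normalize(raw: str) -> dict:
    """Map one raw line onto a common schema: source, host, action, src_ip, dst_ip, dst_port, user."""
    m = FW_RE.match(raw)
    if m:
        return {"source": "firewall", "host": m["host"], "action": m["action"].lower(),
                "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]), "user": None}
    kv = dict(p.split("=", 1) for p in raw.split() if "=" in p)
    if "EventID" in kv:
        action = "logon_failure" if kv["EventID"] == "4625" else "event_" + kv["EventID"]
        return {"source": "windows", "host": kv.get("Computer"), "action": action,
                "src_ip": kv.get("IpAddress"), "dst_ip": None, "dst_port": None,
                "user": kv.get("TargetUserName")}
    raise ValueError("unrecognized log format: " + raw)


def enrich(event: dict) -> dict:
    """Append asset tag, user attributes and threat-intel match to a normalized event."""
    event["asset_tag"] = ASSET_TAGS.get(event["dst_ip"]) or ASSET_TAGS.get(event["host"])
    event["user_attrs"] = USER_ATTRS.get(event["user"])
    event["threat_match"] = THREAT_INTEL.get(event["src_ip"])
    return event


def process(raw_events=RAW_EVENTS) -> list:
    """Normalize then enrich every raw event; both records end up in one schema."""
    return [enrich(normalize(r)) for r in raw_events]


if __name__ == "__main__":
    for e in process():
        print(e)
```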
Objectives
• The objective of the cybersecurity services provided by Thakral One Nepal is to
provide essential security measures by integrating a SIEM on the client
side and continuously monitoring it and performing log analysis. The main objectives
of the SOC are given below:
• To handle any incidents and offenses and reporting to the clients.
• To focus on recovery and remediation, addressing vulnerabilities, updating
processes and policies.
• To analyze logs, network traffic and data to identify potential threats and
vulnerabilities.
• To customize reports and dashboards to meet specific requirements.
• To investigate offenses and contribute to preparing Root Cause Analysis (RCA)
reports.
• To assist in preparing the monthly SIEM reports.
Tools Used
• LogPoint
• IBM QRadar
• PuTTY
• Linux
• WinSCP
• MobaXterm
Activity Performed
• As a SOC Analyst intern, routine investigation and reporting of the necessary
alerts to the clients were performed, along with the following activities:
• Data integration through Routing Policies, Repos, Normalization Policies,
Enrichment Policies, Devices and Device Groups
• Log collection using AgentX for Windows in LogPoint and WinCollect in IBM
QRadar
• Correlating and fine-tuning SIEM alerts
• Creating offense rules in IBM QRadar
Current Trends / Research
• Advanced Persistent Threats
• Endpoint Security
• AI and Automation
• Zero Trust Model
• Data Localisation
• Cloud Jacking
References
• Kotenko, Igor & Chechulin, Andrey. (2013). Computer attack modeling and security evaluation
based on attack graphs. Journal of Cyber Security and Mobility, 3, 614-619.
doi:10.1109/IDAACS.2013.6662998
• Podzins, Oskars & Romanovs, Andrejs. (2019). Why SIEM is Irreplaceable in a Secure IT
Environment? 1-5. doi:10.1109/eStream.2019.8732173
• Ramakrishnan, Shanmugavelan & Chittibala, Dinesh. (2024). Enhancing Cyber Resilience:
Convergence of SIEM, SOAR, and AI in 2024. International Journal of Computing and
Engineering, 5, 36-44. doi:10.47941/ijce.1754
Conclusion
• The internship opportunity at Thakral One Nepal has facilitated a deeper
understanding of cyber and network security and its growing spectrum, along with
its challenges and zero-day attacks. The exposure has enhanced learning by
bridging the gap between theory and practice. Through a healthy and
communicative working environment, it has also assisted in problem solving and
magnified research capabilities.
Appendix
THANK YOU