resources for working in a SOC [SIEM, Malware, forensics] videos, links and stuff

qx-775/SecurityOperationsCenter

Beginning of Security Operations Center learning guide/links and resources

Free SIEM virtual machine:

OSSIM (AlienVault open-source SIEM)

Malware analysis with Wireshark (setup and tutorials):

https://www.malware-traffic-analysis.net/tutorials/wireshark/index.html

YouTube videos:

https://www.youtube.com/watch?v=tfyA7ZsgVO8

SIEM:

What is a SIEM:

https://www.youtube.com/watch?v=ZuLazPgFtBE

What is a SOC:

https://www.youtube.com/watch?v=ih0SC-dN6MU&feature=youtu.be

https://learn.techbeacon.com/units/what-security-operations-center-soc

https://learn.techbeacon.com/units/what-are-siem-user-roles

A typical SOC continuously collects and analyzes security-relevant data from myriad sources, including intrusion detection and prevention systems, host-based security tools, network firewalls, application software, and DNS servers. Because of the sheer volume of such data, especially within large organizations, most SOCs use security information and event management (SIEM) systems to pull together all the data from the different systems and to apply rules for generating alerts from that data. Often, SOCs use behavioral analytics technologies in conjunction with a SIEM to weed out advanced persistent threats.

Increasingly, many SOCs also consume and integrate data from external sources, including threat intelligence feeds from third-party suppliers. SOC analysts use such data to try to enable a more contextual understanding of security incidents so they can decide how to respond.
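To make the two paragraphs above concrete, here is an added example (not from this repository or any SIEM product) of what a SIEM does at its core: it normalizes events from different source formats (firewall, IDS, host logs), applies a correlation rule to raise an alert, and enriches the alert with a threat-intelligence indicator. The log lines, the log formats, the rule threshold and the indicator feed are all constructed for the example and are not real data.

```python
"""Toy SIEM pipeline: normalize events from several sources, correlate them
with one rule, and enrich alerts with a threat-intelligence indicator list.
Added example for this README; not taken from any SIEM product. Every log
line, log format and indicator below is constructed sample data."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events from three source types (not real traffic).
RAW_LOGS = [
    'fw: 2024-01-01T10:00:01 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=22',
    'ids: 2024-01-01T10:00:03 alert "SSH brute force" src=203.0.113.7 dst=10.0.0.5',
    'host: 2024-01-01T10:00:09 host=10.0.0.5 auth failure user=root from=203.0.113.7',
    'host: 2024-01-01T10:00:10 host=10.0.0.5 auth failure user=root from=203.0.113.7',
    'host: 2024-01-01T10:00:11 host=10.0.0.5 auth failure user=root from=203.0.113.7',
    'fw: 2024-01-01T10:05:00 ACCEPT src=198.51.100.2 dst=10.0.0.8 dport=443',
]

# Constructed threat-intelligence feed (hypothetical indicator, not a real IoC).
THREAT_INTEL = {"203.0.113.7": "known scanner (constructed feed entry)"}


@dataclass
class Event:
    """Common schema every source is mapped into before correlation."""
    source: str
    src_ip: str
    dst_ip: str
    kind: str


# One parser per (constructed) source format.
FW_RE = re.compile(r'^fw: (\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$')
IDS_RE = re.compile(r'^ids: (\S+) alert "([^"]+)" src=(\S+) dst=(\S+)$')
HOST_RE = re.compile(r'^host: (\S+) host=(\S+) auth failure user=(\S+) from=(\S+)$')


def normalize(line):
    """Map a raw line into an Event, or None if no parser recognizes it."""
    m = FW_RE.match(line)
    if m:
        return Event("firewall", m.group(3), m.group(4), "fw_" + m.group(2).lower())
    m = IDS_RE.match(line)
    if m:
        return Event("ids", m.group(3), m.group(4), "ids_alert:" + m.group(2))
    m = HOST_RE.match(line)
    if m:
        return Event("host", m.group(4), m.group(2), "auth_failure")
    return None  # a real SIEM would count this as a parse failure, not drop it silently


def correlate(events, threshold=3):
    """Rule: same src->dst pair has an IDS alert AND at least `threshold`
    host auth failures. Both conditions must hold to raise an alert."""
    by_pair = defaultdict(list)
    for ev in events:
        by_pair[(ev.src_ip, ev.dst_ip)].append(ev)
    alerts = []
    for (src, dst), evs in by_pair.items():
        failures = sum(1 for e in evs if e.kind == "auth_failure")
        ids_hits = [e.kind for e in evs if e.kind.startswith("ids_alert:")]
        if ids_hits and failures >= threshold:
            alerts.append({"src": src, "dst": dst, "auth_failures": failures,
                           "ids": ids_hits, "sources": sorted({e.source for e in evs})})
    return alerts


def enrich(alerts, intel):
    """Attach the threat-intel entry for the alert's source IP, if any."""
    for a in alerts:
        a["threat_intel"] = intel.get(a["src"])
    return alerts


def run(lines=RAW_LOGS, intel=THREAT_INTEL):
    """Full pipeline: normalize -> correlate -> enrich."""
    events = [e for e in map(normalize, lines) if e is not None]
    return enrich(correlate(events), intel)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running it produces one alert for the 203.0.113.7 to 10.0.0.5 pair, built from all three sources and tagged with the feed entry; the second firewall line never reaches the alert stage because no rule condition matches it. The point to notice is that neither the IDS signature nor the auth failures alone fire the rule: the value of the SIEM is the join across sources, and the threat-intel lookup is what gives an analyst the context the second paragraph describes.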
