Ashok Kumar M Email and Phone Number
- I have a total of 6 years of experience in IT, including over 5+ years of hands-on experience as a Security Operations Center (SOC) Analyst.
- Skilled in Splunk SIEM, ArcSight SIEM, Cisco NBAD Stealthwatch, Microsoft Azure Identity Protection, Microsoft 365 Defender, Falcon CrowdStrike.
- Monitoring real-time security events in ServiceNow, ServiceDesk (ITSM), SIEM, NBAD, FireEye MPS, Microsoft 365 Defender, CrowdStrike.
- Preparing Health Check-up Report for all SOC devices before shift handover.
- Monitoring and investigating the real-time security incidents and resolving them as per SLA.
- Creating active channels in ArcSight for real-time/historical traffic monitoring.
- Good knowledge on incident tracker, Weekly Status report and Monthly Progress report, Threat Management Tracker and SLA Report.
- Good knowledge on Filters, Rules, Reports and Dashboards in ArcSight.
- Investigating the incidents by using Splunk, ArcSight, Microsoft 365 Defender, Falcon CrowdStrike and Microsoft Azure Identity Protection to identify the suspicious activities.
- Good knowledge on monitoring the cloud app security alerts.
- Having good knowledge on multiple threat feeds and sandboxing.
Globallogic
- Website: globallogic.com
- Employees: 13633

SOC Analyst, Globallogic
Cyber Security Consultant, Globallogic, Dec 2022 - Present
- Monitoring and investigating the real-time events by using ticketing tools like ServiceNow.
- Investigated the various types of tickets by using Splunk ESM, Falcon CrowdStrike, Microsoft 365 Defender, Alert Logic, Armor Trend Micro, Azure AD Identity Protection.
- Good knowledge to verify the device/IP/Racker details by using AppGate VPN, Splunk Dashboards, Microsoft Endpoint Centre and Falcon CrowdStrike while investigating the tickets.
- Monitoring the past 24 hours Mail/Teams communication and responding to a few Mails/Teams which are related to the Security Operations Team.
- Good knowledge to run the hunts by using the Predator tool for various customers once a week.
- Conducting multiple knowledge sharing sessions for the new joiners on real-time analysis.
- Created multiple Core/Encore tickets for various customers on relevant real-time security incidents.
- Working on various types of cyber-attacks like Unfamiliar Sign-in/Risky Sign-in, Phishing/Spam, Windows/Linux login failure, Audit log Cleared, Custom file integrity, Malicious URL Connection Blocked, Malicious URL Access and Malicious file downloaded activity etc.
- Good knowledge to disable/enable the Rackers' SSO while investigating the ticket on priority.
- Good knowledge on Configuration/Integration/Deployment activities between multiple security technologies.
- Good knowledge to create and run the playbooks in Splunk SOAR to block the IP addresses/Domains/URLs on priority.
- Scheduling the shift discussion meeting to share the shift updates at the end of the shift over the Teams call.
- Good knowledge to pull the required report and make the dashboards as per template while sending handover at the end of the shift.
Cyber Security Techno Functional Consultant, Wipro Ltd, Jul 2021 - Nov 2022
- Monitoring and investigating the real-time events using SIEM tools like HP ArcSight.
- Monitoring the past 24 hrs mail communication and responding to a few mails which are related to the Security Operations Team.
- Creating Active Channels for specific historical and real-time traffic monitoring.
- Monitoring and analysing real-time phishing activities by using Office 365 Protection.
- Monitoring and investigating the risky sign-in activities by using Microsoft Azure.
- Working on different types of attacks like Impossible travel, Phishing and Spam, Windows/Linux login failure, Windows/Linux user account created/modified activities, Mail Forwarding/redirecting and Risky sign-in activities etc. by using Microsoft Cloud App Security and Microsoft Defender ATP.
- Creating Security Incidents, Service Requests and Change Requests by using the IT Service Desk tool.
- Creating Work Orders and assigning them to relevant teams for more investigation on created pending incidents.
- Monitoring and investigating Suspicious Domain, SSL Certificate issue and Email Security Validation by using Rapid7 IntSights.
- Good knowledge on Rules Creation/Policies implementation in Microsoft Cloud App Security/ArcSight SIEM.
- Creating weekly and monthly status reports and forwarding them to the manager.
- Creating Incident Tracker (Daily), Threat Management Tracker (Quarterly), SLA reports (Monthly).
- Worked on providing handover to next shift members at the end of the shift.
Project Engineer, HCL Technologies, Feb 2019 - Jul 2021
- Collected, monitored and analysed the suspicious activities by using ArcSight SIEM.
- Investigated the specific traffic by using Active Channels, Filters, Dashboards and Reports.
- Monitored and investigated the Cisco NBAD Stealthwatch traffic (Inbound, Outbound and lateral) and the high bandwidth utilization report.
- Monitored mail communication and replied to specific mails based on priority.
- Created new incidents in ServiceNow to do deep analysis on suspicious activities.
- Blocked the malicious IPs, Domains, Hash Values and URLs in security devices with the help of the Network Security team, Email Gateway team and Infoblox.
- Monitored, investigated and taken proper action on various types of attacks like Windows Login Failures, Windows user group Created/Modified, DoS or DDoS attacks etc.
- Worked on Active Channels, Reports and Dashboards in ArcSight SIEM to identify and investigate the suspicious activities.
- Monitored the real-time malware related alerts like malware callback and malware object with the help of the FireEye Malware Protection System (MPS).
- Created new incidents for investigation with the help of ServiceNow.
- Created DNS forward mapping/reverse mapping with the help of Infoblox DNS.
- Blocked single/multiple domains with the help of Infoblox.
- Created Service Requests and Change Requests by using the ServiceNow ticketing tool.
- Preparing Health Check-up Report of various technologies in SOC before shift handover.
DevOps Engineer, Teksystems, Nov 2018 - Feb 2019
- Collected, monitored and analysed the suspicious activities by using ArcSight SIEM.
- Investigated the specific traffic by using Active Channels, Filters, Dashboards and Reports.
- Monitored and investigated the Cisco NBAD Stealthwatch traffic (Inbound, Outbound and lateral) and the high bandwidth utilization report.
- Monitored mail communication and replied to specific mails based on priority.
- Created new incidents in ServiceNow to do deep analysis on suspicious activities.
- Blocked the malicious IPs, Domains, Hash Values and URLs in security devices with the help of the Network Security team, Email Gateway team and Infoblox.
- Monitored, investigated and taken proper action on various types of attacks like Windows Login Failures, Windows user group Created/Modified, DoS or DDoS attacks etc.
- Worked on Active Channels, Reports and Dashboards in ArcSight SIEM to identify and investigate the suspicious activities.
- Monitored the real-time malware related alerts like malware callback and malware object with the help of the FireEye Malware Protection System (MPS).
- Created new incidents for investigation with the help of ServiceNow.
- Created DNS forward mapping/reverse mapping with the help of Infoblox DNS.
- Blocked single/multiple domains with the help of Infoblox.
- Created Service Requests and Change Requests by using the ServiceNow ticketing tool.
- Preparing Health Check-up Report of various technologies in SOC before shift handover.
Ashok Kumar M Education Details
- Anna University, ECE
Frequently Asked Questions about Ashok Kumar M
What company does Ashok Kumar M work for?
Ashok Kumar M works for Globallogic
What is Ashok Kumar M's role at the current company?
Ashok Kumar M's current role is SOC Analyst.
What schools did Ashok Kumar M attend?
Ashok Kumar M attended Anna University.
Who are Ashok Kumar M's colleagues?
Ashok Kumar M's colleagues are Lahari Padmaja, Mykhailo Melnyk, Rajdeep Yadav, Akhilvas Adunoori, Michael Krastin, Savanna Wells, Stanislav Donets.