Abstract:
As cyber threats grow more sophisticated, Security Operations Center (SOC) Level 1 (L1) analysts take on a
greater share of threat detection and mitigation. The manual processes SOC L1 analysts currently follow to
query multiple threat-intelligence sources, perform malware analysis and create Indicators of Compromise
(IOCs) are both error-prone and labour-intensive. This thesis proposes an Integrated Malware Detection and
Analysis system that automates these processes so that SOC L1 analysts can work faster and with fewer errors.
The proposed solution aggregates real-time threat intelligence from several providers, including VirusTotal,
AbuseIPDB and ThreatFox. By integrating with Security Information and Event Management (SIEM) platforms such
as Wazuh, the system correlates threat information with observed events, responds to incidents automatically
and supports case management. This shortens incident response times and reduces the opportunity for human
error.
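To make the aggregation step concrete, the following is an added example, not code from the thesis or from any of the named providers: it normalizes constructed sample responses shaped like the public VirusTotal v3, AbuseIPDB v2 and ThreatFox APIs into one IOC record, derives a single verdict from the per-provider scores, and emits a JSON line of the kind a SIEM such as Wazuh could read from a log file. The field names in the samples and in the emitted event are assumptions drawn from those public APIs, not from the thesis.

```python
"""Added example: aggregate several threat-intelligence verdicts into one IOC record.

The provider payloads are constructed, offline samples shaped like the public
VirusTotal v3, AbuseIPDB v2 and ThreatFox responses. Field names are assumptions
taken from those public APIs, not from the thesis."""
import json
from dataclasses import dataclass, field

# Constructed sample: VirusTotal v3 object with last_analysis_stats (80 engines).
VT_SAMPLE = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 8, "suspicious": 2, "harmless": 58, "undetected": 12}}}}
# Constructed sample: AbuseIPDB /check response.
ABUSEIPDB_SAMPLE = {"data": {"abuseConfidenceScore": 92, "totalReports": 41}}
ABUSEIPDB_LOW = {"data": {"abuseConfidenceScore": 30, "totalReports": 2}}
# Constructed samples: ThreatFox search_ioc with a hit and with no result.
THREATFOX_SAMPLE = {"query_status": "ok",
                    "data": [{"threat_type": "botnet_cc", "malware": "win.cobalt_strike"}]}
THREATFOX_EMPTY = {"query_status": "no_result"}


@dataclass
class IOC:
    value: str
    ioc_type: str
    sources: dict = field(default_factory=dict)  # provider -> normalized score in [0, 1]
    tags: list = field(default_factory=list)


def score_virustotal(resp):
    """Fraction of engines flagging the object; suspicious counts half."""
    stats = resp["data"]["attributes"]["last_analysis_stats"]
    total = sum(stats.values()) or 1  # guard against an empty stats block
    return (stats.get("malicious", 0) + 0.5 * stats.get("suspicious", 0)) / total


def score_abuseipdb(resp):
    """abuseConfidenceScore is already a 0-100 confidence; scale to [0, 1]."""
    return resp["data"]["abuseConfidenceScore"] / 100.0


def score_threatfox(resp):
    """ThreatFox is a curated feed: any hit is strong, no hit says nothing bad."""
    if resp.get("query_status") != "ok" or not resp.get("data"):
        return 0.0, []
    tags = [f"{d['threat_type']}:{d['malware']}" for d in resp["data"]]
    return 1.0, tags


def aggregate(value, ioc_type, vt=None, abuse=None, tf=None):
    """Build one IOC record from whichever provider responses are available."""
    ioc = IOC(value, ioc_type)
    if vt is not None:
        ioc.sources["virustotal"] = score_virustotal(vt)
    if abuse is not None:
        ioc.sources["abuseipdb"] = score_abuseipdb(abuse)
    if tf is not None:
        score, tags = score_threatfox(tf)
        ioc.sources["threatfox"] = score
        ioc.tags.extend(tags)
    return ioc


def verdict(ioc, malicious_at=0.5, suspicious_at=0.2):
    """Take the maximum over providers rather than the mean, so one confident
    source is not diluted by providers that simply have no data on the IOC."""
    if not ioc.sources:
        return "unknown"
    top = max(ioc.sources.values())
    if top >= malicious_at:
        return "malicious"
    if top >= suspicious_at:
        return "suspicious"
    return "benign"


def to_siem_event(ioc):
    """One JSON line per IOC; event field names are assumptions for illustration.
    Wazuh can collect such lines from a file configured with log_format json."""
    return json.dumps({"ioc": ioc.value, "ioc_type": ioc.ioc_type,
                       "verdict": verdict(ioc), "sources": ioc.sources,
                       "tags": ioc.tags}, sort_keys=True)


if __name__ == "__main__":
    rec = aggregate("203.0.113.7", "ip", VT_SAMPLE, ABUSEIPDB_SAMPLE, THREATFOX_SAMPLE)
    print(to_siem_event(rec))
```

The thresholds are deliberately exposed as parameters: an L1 workflow usually wants the "suspicious" band wide enough to surface low-confidence IOCs for triage without auto-escalating them.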
The system is expected to improve operational efficiency by combining unified threat-intelligence
aggregation, machine-assisted malware analysis and live incident response. The thesis describes how the
system was designed, developed and applied, with the aim of showing the community that proactive, efficient
and scalable tooling can address the problems SOC L1 analysts face in the current cybersecurity environment.