this post was submitted on 01 Jul 2023
7 points (100.0% liked)

Blue Team

7 readers
1 users here now

Blue Teamers are the first (and sometimes last) line of defense in the ongoing cyber war. This place is to chat out detection strategies, complain about SIEMs, compare SOAR playbooks, or post mean memes about the Red Team.

founded 1 year ago
MODERATORS
 

I have found Excel to be quite useful for collecting data, doing summary analysis of logs, etc. I also liked this blog post from Mandiant, about using Excel to timeline artefacts with very different structure. It takes a bit of work using find, left, mid, right, concat, etc, but then it is quite useful! Another good thing is that a lot of people are better at creating Excel sheets than doing XPath queries.

Anyone else using Excel for DFIR, and how do you use it?

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here