BHASKAR CHARAN
About Candidate
Overall 2.2 years of experience in IT as a Security Analyst, with experience working in the area of security operations, including incident management and log analysis through SIEM. Experience working in 24×7 operations of a SOC team, offering log monitoring and security information management.
Education
Work & Experience
- Working on LogRhythm, Splunk and Azure SIEM (console & web console), providing operations support at the Security Operations Center for different member firms.
- Monitoring alerts (SIEM, IPS, wireless devices, Tripwire and other security devices).
- Performed threat analysis through research and examining log data.
- Monitoring & analyzing incoming events in a network.
- Monitoring AV logs in ESM & raising cases for malware infections.
- Monitoring Windows logs & raising cases for login failures & lockouts based on defined thresholds.
- Monitoring Tripwire logs for critical file modifications on Windows servers.
- Monitoring database logs & raising cases for suspicious login failures, DB shutdown activities, critical command execution, etc.
- Monitoring IPS and firewall logs to identify external threats.
- Experience in creating filters and applying them to Active Channels.
- Integrating commands and applying inline filters in an Active Channel to make the investigation process reliable.
- Exposure to ticketing tools like ServiceNow.
- Collecting the logs of all network devices and analyzing them to find suspicious activities.
- Investigating security logs and mitigation strategies, and responsible for preparing generic security incident reports.
- Monitoring, analyzing and responding to infrastructure threats and vulnerabilities in LogRhythm, Splunk and Azure Sentinel.
- Phishing and spam email analysis in LogRhythm and O365 Defender.
- Monitoring alerts generated in the security analytics solution, including intrusion detection/prevention systems, firewalls, routers, switches, servers, databases, applications and other devices.
- Working on SIEM tools, providing operational support for the prevention of cyber attacks.
- Identifying potential information security incidents like security attacks and anomalous activities. In addition, performing analysis by observing deviations from normal behavior to uncover activities that could undermine the security of information assets.
- Validating and confirming potential security incidents through detailed investigation of logs.
- Creating incidents for all alerts/findings and providing regular updates on overall analysis as per the defined SLAs.
- Displaying event data in different layouts by defining Dashboards & Data Monitors.
- Checking overall system health and connector health & reporting it to the admin team on a daily basis.
- Providing daily, weekly and monthly reports of incident activity.
- Security incident response and closure of incidents within SLA using ServiceNow & Service Desk.
- Performing health checks of network security devices.
- Analyzing phishing and spam related activities and notifying users.
- Preparing daily and weekly dashboards on security threats and trends on the network.
- Working on real-time network traffic by analyzing logs from IDS and firewalls through the SIEM tool.
- Handling the complete incident management framework cycle, from incident identification and containment through root cause analysis, suggestion and implementation of preventive and corrective controls, and performing network analysis as needed on a case-by-case basis.
- Reviewing and maintaining internal documentation for policies and procedures.
- Sampling evidence from the ISMS as part of a field review, demonstrating that the policies and procedures are followed consistently.
- Analyzing findings from document review and field review to ensure they meet ISO 27001 requirements.
- Implementing improvements, as needed, based on audit findings.
- Participating in weekly and monthly review calls with the client and team meetings to review the status of issues and provide process updates.
- Providing 24x7 on-call support & coordinating with required teams to resolve high-severity security issues.
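The Windows log monitoring item above (raising cases for login failures and lockouts once a defined threshold is crossed) is the kind of rule that is usually configured in the SIEM. The following is an added example, not the candidate's own tooling or any SIEM's rule syntax, showing the same logic in Python so the threshold behaviour is explicit: a sliding window of failed logons (Event ID 4625) per account, one case per burst rather than one per event, and a case for every lockout (Event ID 4740). The events, account names, addresses and the key=value log format are all constructed for the example.

```python
"""Threshold-based detection of Windows logon failures and lockouts.

Added example (not the candidate's own code). Raise a case when one account
accumulates `threshold` failed logons (Event ID 4625) inside a sliding
`window`, and raise a case for every account lockout (Event ID 4740).
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events in a flat key=value form; not real logs.
SAMPLE_EVENTS = """\
time=2024-03-01T09:00:05Z EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3 Status=0xC000006D
time=2024-03-01T09:00:09Z EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3 Status=0xC000006D
time=2024-03-01T09:00:14Z EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3 Status=0xC000006D
time=2024-03-01T09:00:20Z EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3 Status=0xC000006D
time=2024-03-01T09:00:27Z EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3 Status=0xC000006D
time=2024-03-01T09:01:00Z EventID=4624 TargetUserName=mlee IpAddress=10.1.2.9 LogonType=3
time=2024-03-01T09:05:00Z EventID=4625 TargetUserName=mlee IpAddress=10.1.2.9 Status=0xC000006D
time=2024-03-01T09:30:00Z EventID=4625 TargetUserName=mlee IpAddress=10.1.2.9 Status=0xC000006D
time=2024-03-01T09:31:00Z EventID=4740 TargetUserName=svc_backup CallerComputerName=WS017
"""


@dataclass(frozen=True)
class Case:
    kind: str            # "brute_force" or "lockout"
    account: str
    source: str          # source IP for failures, caller computer for lockouts
    opened_at: datetime
    evidence: int        # number of events behind the case


def parse_event(line: str) -> dict:
    """Split one key=value line into a dict and parse its timestamp."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["time"] = datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(raw: str, threshold: int = 5, window: timedelta = timedelta(minutes=10)) -> list:
    """Return the cases the rule would open for the given event stream."""
    cases = []
    recent = defaultdict(deque)  # account -> timestamps of recent 4625 events
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        eid, user, ts = ev["EventID"], ev["TargetUserName"], ev["time"]
        if eid == "4740":
            # Every lockout gets its own case; no threshold applies.
            cases.append(Case("lockout", user, ev.get("CallerComputerName", "?"), ts, 1))
        elif eid == "4625":
            q = recent[user]
            q.append(ts)
            # Drop failures that have aged out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                cases.append(Case("brute_force", user, ev.get("IpAddress", "?"), ts, len(q)))
                q.clear()  # suppress: one case per burst, not one per further event
    return cases


if __name__ == "__main__":
    for case in detect(SAMPLE_EVENTS):
        print(f"{case.opened_at:%H:%M:%S} {case.kind:<12} {case.account:<12} "
              f"from {case.source} ({case.evidence} event(s))")
```

With the defaults (5 failures in 10 minutes) the constructed stream opens two cases: one brute-force case for `jsmith` and one lockout case for `svc_backup`; `mlee`'s two failures are 25 minutes apart and never meet the threshold. Clearing the window after a case is what keeps a 200-attempt burst from producing 196 duplicate tickets.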
- Scanning network-accessible systems by pinging them or sending them TCP/UDP packets.
- Identifying open ports and services running on scanned systems.
- If possible, remotely logging in to systems to gather detailed system information.
- Correlating system information with known vulnerabilities.
- Lessening the likelihood and/or impact of a vulnerability being exploited. This is sometimes necessary when a proper fix or patch isn't yet available for an identified vulnerability. This option should ideally be used to buy time for an organization to eventually remediate the vulnerability.
- Workflow capabilities were introduced in Windows PowerShell version 3.0. They are designed particularly to help perform long-running, effort-consuming complex tasks across multiple devices at different locations.
- Windows PowerShell introduced the concept of background jobs, which run scripts and cmdlets asynchronously on remote and local machines in the background without affecting the user interface or interacting with the console.
- The PowerShell console introduced a web-based version in Windows Server. Here, we can run PowerShell cmdlets from any web browser, not only on desktops but also on tablets or mobile devices.
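The scanning steps above (probe, identify open ports and services, correlate with known weaknesses, then mitigate or patch) are shown here as an added Python example; it is not the candidate's own tooling or any scanner's code. To run offline it starts a throwaway listener in-process that answers with an SSH-style banner, discovers it with a TCP connect() probe (no ICMP ping, which would need raw sockets), grabs the banner, and compares the advertised version against a baseline table. That `VERSION_BASELINE` table is an assumption standing in for a real vulnerability feed; the banners, host and ports are constructed for the example and no real advisory is implied.

```python
"""TCP connect scan, service identification and version-baseline correlation.

Added example, not the candidate's own code. `VERSION_BASELINE` is an
assumed policy table that stands in for a vulnerability database lookup.
"""
import re
import socket
import threading
from dataclasses import dataclass

# Assumed minimum acceptable versions per service (example policy, not advisory data).
VERSION_BASELINE = {"OpenSSH": (8, 0)}


@dataclass
class PortResult:
    port: int
    open: bool
    banner: str = ""
    service: str = ""
    finding: str = ""


def start_banner_listener(banner: bytes, host: str = "127.0.0.1") -> int:
    """Start a one-shot TCP server that sends `banner` to the first client.

    This is the constructed scan target; it returns the ephemeral port it
    listens on so the scanner can be pointed at it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        srv.settimeout(5)
        try:
            conn, _ = srv.accept()
            conn.sendall(banner)
            conn.close()
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def reserve_closed_port(host: str = "127.0.0.1") -> int:
    """Return a port that was free a moment ago, to demonstrate a closed result."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 1.0) -> PortResult:
    """TCP connect probe; on success read up to 128 bytes of banner."""
    res = PortResult(port=port, open=False)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:
            return res
        res.open = True
        try:
            res.banner = s.recv(128).decode("ascii", "replace").strip()
        except OSError:
            pass  # open but silent: keep the port, leave the banner empty
    return res


def correlate(res: PortResult) -> PortResult:
    """Identify the service from its banner and compare it to the baseline."""
    m = re.match(r"SSH-2\.0-(OpenSSH)_(\d+)\.(\d+)", res.banner)
    if m:
        res.service = m.group(1)
        version = (int(m.group(2)), int(m.group(3)))
        floor = VERSION_BASELINE[res.service]
        if version < floor:
            res.finding = (f"{res.service} {version[0]}.{version[1]} below baseline "
                           f"{floor[0]}.{floor[1]}; mitigate or patch")
    elif res.open:
        res.service = "unknown"
    return res


def scan(host: str, ports) -> dict:
    """Probe each port and correlate; returns {port: PortResult}."""
    return {p: correlate(probe(host, p)) for p in ports}


if __name__ == "__main__":
    target = start_banner_listener(b"SSH-2.0-OpenSSH_7.4\r\n")
    for r in scan("127.0.0.1", [target, reserve_closed_port()]).values():
        state = "open" if r.open else "closed"
        print(f"{r.port:>5}/tcp {state:<6} {r.service:<8} {r.finding}")
```

Against a real estate the same loop would take a host list and port range and feed findings into the ticketing queue; the part worth copying is the separation of probe, identification and correlation, so the baseline (or a real vulnerability feed) can be swapped without touching the network code.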