PANGA GANESH

About Candidate

Broad knowledge of networking and security technologies to provide security for IT infrastructure
assets. 2.2 years of experience in information security and incident analysis.
➢ Working in a Security Operations Center (24×7)
➢ Monitoring SIEM events, detecting and preventing intrusion attempts
➢ Knowledge of incident response management and frameworks
➢ Experience with SIEM (Security Information and Event Management) tools
➢ Monitoring real-time events using HP ArcSight SIEM, RSA NetWitness SIEM, IBM QRadar SIEM,
and Splunk
➢ Experience in understanding the logs of various devices (servers, IDS/IPS, firewall, proxy)
➢ Analyzing anti-virus, endpoint protection and Tripwire logs
➢ Analyzing email headers for spam and phishing activity
➢ Analyzing email attachments for malware
➢ Analysis of DOC and PDF files for malware using different tools
➢ Knowledge of malware analysis
➢ Preparing daily, weekly and monthly reports
➢ Preparing customized reports as per client request, preparing knowledge base

Education

B TECH 2021
Nri Institute of Technology

Work & Experience

Security Analyst Sep 2021 - Till Now
Deloitte

Working on Splunk and ArcSight ESM SIEM (console and web console), providing operations support at the Security Operations Center for different member firms.
• Monitoring alerts (SIEM, IPS, wireless devices, Tripwire and other security devices).
• Performing threat analysis through research and examination of log data.
• Monitoring and analyzing incoming events in a network.
• Monitoring AV logs in ESM and raising cases for malware infections.
• Monitoring Windows logs and raising cases for login failures and lockouts based on defined thresholds.
• Monitoring Tripwire logs for critical file modifications on Windows servers.
• Monitoring database logs and raising cases for suspicious login failures, DB shutdown activities, critical command execution, etc.
• Monitoring IPS and firewall logs to identify external threats.
• Experience in creating filters and applying them to Active Channels.
• Integrating commands and applying inline filters in an Active Channel to make the investigation process reliable.
• Exposure to ticketing tools such as ServiceNow.
• Monitoring alerts generated in the security analytics solution, including intrusion detection/prevention systems, firewalls, routers, switches, servers, databases, applications and other devices.
• Working on SIEM tools, providing operational support for the prevention of cyber attacks.
• Identifying potential information security incidents such as security attacks and anomalous activities.
• Performing analysis by observing deviations from normal behavior to uncover activities that could undermine the security of information assets.
• Validating and confirming potential security incidents through detailed investigation of logs.
• Creating incidents for all alerts/findings and providing regular updates on overall analysis as per the defined SLAs.
• Displaying event data in different layouts by defining dashboards and data monitors.
• Checking overall system health and connector health, and reporting it to the admin team on a daily basis.
• Providing daily, weekly and monthly reports of incident activity.
• Security incident response and closure of incidents within SLA using ServiceNow and Service Desk.
• Performing health checks of network security devices.
• Analyzing phishing and spam related activities and notifying the users.
• Preparing daily and weekly dashboards on security threats and trends on the network.
• Working on real-time network traffic by analyzing logs from IDS and firewalls through the SIEM tool.
• Handling the complete incident management framework cycle, from incident identification and containment through root cause analysis, suggestion and implementation of preventive and corrective controls, and performing network analysis as needed on a case-by-case basis.
• Participating in weekly and monthly review calls with the client and team meetings to review the status of issues and provide process updates.
• Providing 24x7 on-call support and coordinating with the required teams to resolve high-severity security issues.
