Further Contributor: Pradnya Padaki
Stepping right into a Safety Operations Centre (SOC) at Cisco Reside Melbourne for the primary time was an expertise charged with pleasure and barely nervous. Beforehand, my solely understanding of SOCs got here from listening to buyer tales and dealing with their challenges—I had identified the strain, urgency, and teamwork required solely by their eyes, by no means having been in these footwear myself.
Onboarding: Fast and Welcoming
Opposite to my expectations of a drawn-out onboarding, the method was surprisingly swift (taking lower than 10-20 minutes). Due to Duo, I used to be rapidly given entry to all of the important instruments: Cisco XDR, Splunk, firewall dashboards, and extra from the duo listing. This seamless entry calmed my nerves and made me really feel immediately welcome.
After that, it was all about getting snug with the instruments and escalation processes. As a Tier 1/Tier 2 analyst, my every day routine revolved round Cisco XDR, which introduced collectively incident alerts from each nook of the community. Every alert got here full of context and intelligence, making investigations a lot much less overwhelming.
Discovering Endace
Considered one of my highlights was utilizing Endace for the primary time. This software gave me the flexibility to dive into packet-level particulars, filter knowledge quickly, and transition from high-level incidents to granular packet captures. Correlating metadata and community flows grew to become easy and even gratifying, serving to me clear up issues with rather more confidence.
Candid Conversations
In the course of the occasion, I used to be continuously placed on the spot to share my firsthand expertise of working in a SOC for the primary time, significantly reflecting on my day two investigations. This inspired me to look at rigorously and assume deeply in regards to the operational realities. Many shoppers confirmed eager curiosity, recognizing that my expertise might quickly mirror their very own, which made these interactions particularly invaluable and motivating.
Day 1: Studying the Ropes
The primary day was all about orientation: understanding the workflow, attending to know the instruments, and growing the mindset wanted for efficient investigations. With assist from skilled colleagues, I realized to triage incidents, examine menace intel, dive into logs, and seek the advice of with the workforce earlier than making selections. By the day’s finish, my preliminary nervousness had remodeled into pleasure.
Day 2: Main My Personal InvestigationÂ
On day two, I took on incidents independently, performing full triage and drafting escalation reviews myself.
Case Research: Investigating Suspicious Community Connections
Background: Throughout my preliminary SOC task, an alert was generated by Cisco XDR highlighting that an inner endpoint was making connections to a number of IP addresses identified for malicious exercise.
Detection: Cisco XDR flagged the suspicious conduct, visualizing the connections between one inner asset and a number of other high-risk exterior hosts. This raised instant issues about potential malware or command-and-control exercise (see Cisco XDR investigation under).
Investigation: To validate and additional analyze the incident, I used Endace for in-depth packet inspection. Filtering for the precise IP and utility revealed a constant movement of site visitors matching file switch patterns. Additional evaluation confirmed that the site visitors was generated by a BitTorrent utility working on the endpoint (see Endace screenshot under).
Response motion: From the primary alert in Cisco XDR, I carried out a complete investigation to rapidly confirm the violation of insurance policies. As a Tier 2 analyst, my response included correlating knowledge from a number of sources, conducting packet captures with Endace to rule out malware, and assessing the broader affect on the surroundings.  As soon as the investigation confirmed Bittorrent utilization because the supply of suspicious site visitors, the case was formally escalated to make sure acceptable follow-up, together with consumer training and enhanced community controls to mitigate recurrence. The affected endpoint was flagged for additional monitoring, and the applying was disabled to forestall ongoing peer-to-peer file sharing. An in depth incident report was compiled, outlining dangers comparable to malware publicity, bandwidth consumption, and privateness vulnerabilities related to unauthorized Bittorrent exercise.
Consequence & Reflection: Seeing the investigation by preliminary alert to root trigger dedication—leveraging each Cisco XDR and Endace—marked a serious milestone in my SOC journey. This end-to-end incident dealing with not solely bolstered procedural self-discipline however considerably boosted my confidence in dealing with real-world threats.
Reflections and TakeawaysÂ
By the top of the occasion, I spotted the actual essence of a SOC isn’t nearly instruments or dashboards. It’s about individuals: collaboration, belief, shared curiosity, and supporting one another. At the same time as a newcomer, I used to be welcomed, trusted, and inspired—which made a world of distinction.
In abstract, my first SOC expertise turned preliminary nerves into real confidence. I entered as an observer and left feeling like a part of the workforce—a journey outlined by assist, studying, and the joys of fixing real-world safety challenges.
Try the opposite blogs by my colleagues within the Cisco Reside Melbourne 2026 SOC.
We’d love to listen to what you assume! Ask a query and keep related with Cisco Safety on social media.
Cisco Safety Social Media
LinkedInFacebookInstagramX
