Be fast. Be accurate. Be useful. That's what a SOC analyst does - and this book shows you how.
TLDR+ SOC is a hands-on guide to working in a Security Operations Center, created for L1 and L2 analysts who want to understand what matters - logs, alerts, and making the right decisions fast.
No lectures. No buzzwords. Just what to do when something looks suspicious.
Inside, you'll learn how to:
- read and filter logs with tools like journalctl, grep, and jq
- analyze authentication failures, lateral movement, and PowerShell abuse
- investigate alerts using VirusTotal, AbuseIPDB, and MISP
- tell the difference between a false positive and a real incident
- document, escalate, and survive an alert storm with your sanity intact
Includes cheat sheets, enrichment tools, triage flowcharts, and live examples based on real SOC scenarios.
Whether you're in your first analyst role, prepping for your first IR escalation, or just tired of Googling journalctl -xe for the 50th time - this book is for you.