Cybersecurity Student Hub

A student cybersecurity hub for notes, resources, and community learning.


Security Analyst Basics

A security analyst focuses on monitoring, investigating, and responding to suspicious activity in systems and networks.

This role is mostly defensive and is usually considered part of blue team work.

Main Responsibilities

A security analyst may:

  • review alerts
  • monitor logs
  • investigate suspicious behavior
  • identify indicators of compromise
  • validate whether activity is malicious or benign
  • support incident response
  • document findings clearly

Important Concepts

Alert

An alert is a signal that something suspicious or important happened.

Examples:

  • multiple failed logins
  • unusual network traffic
  • malware detection
  • suspicious PowerShell activity

Log

A log is a record of activity generated by a system, service, or application.

Examples:

  • authentication logs
  • firewall logs
  • web server logs
  • endpoint logs

IOC

IOC stands for Indicator of Compromise: an observable artifact that suggests a system or network may have been attacked.

Examples:

  • malicious IP address
  • suspicious file hash
  • known bad domain
  • strange process name

False Positive

A false positive is an alert that looks suspicious but is actually not malicious.

Analysts often spend time validating whether an alert is real or not.

Basic Investigation Questions

When triaging an alert, useful questions include:

  • What happened?
  • When did it happen?
  • Which user or system is involved?
  • Is this activity expected or unusual?
  • What is the source and destination?
  • Is there any known malicious indicator?
  • Does this require escalation?

Common Data Sources

Security analysts often use:

  • SIEM platforms
  • endpoint telemetry
  • firewall logs
  • proxy logs
  • DNS logs
  • authentication logs
  • email security logs

Example Investigation Flow

A simple analyst workflow can be:

  1. receive alert
  2. review basic details
  3. check timestamp and affected system
  4. inspect related logs
  5. look for malicious indicators
  6. decide if the event is benign, suspicious, or malicious
  7. escalate or document the result
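Steps 4 to 7 of this flow, as an added example that is not part of the original note: a small triage script that parses constructed authentication log lines, counts failed logins per source address, checks a constructed IOC list, and classifies each alert as benign, suspicious, or malicious. The log format, the threshold of 3 failures, and the known-bad address are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample authentication log lines (not real data).
AUTH_LOG = """\
2024-05-01T09:00:01Z sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:03Z sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:05Z sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:09Z sshd: Accepted password for alice from 10.0.0.5
2024-05-01T09:10:00Z sshd: Failed password for root from 203.0.113.9
2024-05-01T09:10:01Z sshd: Failed password for admin from 203.0.113.9
2024-05-01T09:10:02Z sshd: Failed password for bob from 203.0.113.9
2024-05-01T09:10:05Z sshd: Accepted password for bob from 203.0.113.9
2024-05-01T09:20:00Z sshd: Failed password for carol from 198.51.100.7
2024-05-01T09:20:02Z sshd: Failed password for carol from 198.51.100.7
2024-05-01T09:20:04Z sshd: Failed password for carol from 198.51.100.7
"""
KNOWN_BAD_IPS = {"203.0.113.9"}  # constructed IOC list, only for this example
FAILED_THRESHOLD = 3             # assumed alert threshold per source address
LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse_auth_log(text):
    """Step 4: turn raw log lines into structured events; lines that do not match are skipped."""
    return [{"ts": m[1], "outcome": m[2], "user": m[3], "src": m[4]}
            for line in text.splitlines() if (m := LINE_RE.match(line))]

def triage(events, known_bad=KNOWN_BAD_IPS, threshold=FAILED_THRESHOLD):
    """Steps 5-6: per source, count failures, check IOCs and context, then classify."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = {}  # step 7: one documented finding per alerting source
    for src, evs in by_src.items():
        failed = [e for e in evs if e["outcome"] == "Failed"]
        if len(failed) < threshold:
            continue  # below threshold: nothing to alert on for this source
        users = sorted({e["user"] for e in failed})
        # ISO-8601 timestamps in one format compare correctly as strings
        success_after = any(e["outcome"] == "Accepted" and e["ts"] > failed[-1]["ts"] for e in evs)
        ioc_hit = src in known_bad
        if ioc_hit or (success_after and len(users) > 1):
            verdict = "malicious"   # known-bad source, or failures across accounts then a success
        elif success_after:
            verdict = "benign"      # one user, then success: typical mistyped password
        else:
            verdict = "suspicious"  # repeated failures with no context that closes the alert
        findings[src] = {"failed": len(failed), "users": users, "success_after": success_after,
                         "ioc_hit": ioc_hit, "verdict": verdict}
    return findings
```

Calling `triage(parse_auth_log(AUTH_LOG))` returns one finding per source that crossed the threshold, with the evidence behind each verdict ready to be written into the case notes.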

Skills That Matter

Useful skills for a security analyst include:

  • log reading
  • pattern recognition
  • networking knowledge
  • operating system basics
  • investigation mindset
  • documentation
  • understanding common attacks

Common Mistakes to Avoid

  • closing alerts too fast
  • ignoring context
  • trusting a single indicator
  • failing to document findings
  • not checking related events

Final Note

A strong security analyst does not just look at alerts.
They ask good questions, validate evidence, and build a clear picture before making a decision.