Built for Defenders.

Platform khusus untuk SOC analyst, incident responder, dan threat hunter. Dari deteksi sampai remediation — semua dalam satu workflow terintegrasi.

24/7
Monitoring
<5m
MTTD Average
100%
MITRE Coverage

SOC Dashboard (Simulation)

Real-time monitoring dashboard. Data ini adalah simulasi untuk demo.

◉ CYBERDECK SOC · LIVE
OPERATIONAL
Events / sec
2,847
↑ 12% vs yesterday
Active Alerts
23
↓ 8% vs yesterday
MTTD
4.2m
↓ 15% vs target
MTTR
28m
↓ 22% vs target
Recent Alerts
[CRITICAL] Mimikatz detected on WS-FINANCE-04 2 min ago
[HIGH] Brute force attempt from 185.220.101.47 8 min ago
[HIGH] Suspicious PowerShell execution on SRV-DB-01 15 min ago
[MEDIUM] DNS tunneling pattern detected 32 min ago
[MEDIUM] Unusual outbound traffic to 91.215.85.22 1 hour ago

IR Workflow: Detection to Remediation

6 fase standar yang diotomasi oleh CyberDeck. Klik pada tool untuk langsung membuka.

PHASE 01
Preparation
Setup baseline, configure SIEM rules, train team.
PHASE 02
Identification
Deteksi anomali via log correlation dan threat intel.
PHASE 03
Containment
Isolasi sistem terinfeksi, block IOC di firewall.
PHASE 04
Eradication
Hapus malware, patch vulnerability, reset credential.
PHASE 05
Recovery
Restore system dari backup bersih, monitor ketat.
PHASE 06
Lessons Learned
Post-incident report, update playbook, share intel.

Tactic Coverage Matrix

CyberDeck mencakup seluruh 14 tactic dalam MITRE ATT&CK framework. Klik untuk expand teknik.

Reconnaissance
TA0043
  • Active Scanning
  • Gather Victim Info
  • Search Open Websites
Initial Access
TA0001
  • Phishing
  • Exploit Public-Facing App
  • Valid Accounts
Execution
TA0002
  • Command & Scripting
  • User Execution
  • Scheduled Task
Persistence
TA0003
  • Registry Run Keys
  • Scheduled Task
  • Web Shell
Privilege Escalation
TA0004
  • Abuse Elevation Control
  • Boot or Logon Autostart
Defense Evasion
TA0005
  • Impair Defenses
  • Indicator Removal
  • Obfuscated Files
Credential Access
TA0006
  • OS Credential Dumping
  • Brute Force
  • Input Capture
Discovery
TA0007
  • Account Discovery
  • System Network Config
  • File & Directory Discovery
Lateral Movement
TA0008
  • Remote Services
  • Internal Spearphishing
Collection
TA0009
  • Data from Local System
  • Screen Capture
  • Audio Capture
Command & Control
TA0011
  • Application Layer Protocol
  • Encrypted Channel
  • DNS
Exfiltration
TA0010
  • Exfil Over C2 Channel
  • Automated Exfiltration
Impact
TA0040
  • Data Encrypted
  • Account Access Removal
  • Service Stop

SIGMA Rule Library

Detection rules siap pakai. Klik untuk expand YAML, copy untuk pakai di SIEM kamu.

win_brute_force.yml
HIGH
Detect 5+ failed login dalam 5 menit dari IP yang sama
title: Windows Brute Force id: 5d123456-1234-1234-1234-123456789abc status: stable level: high description: Detects multiple failed logins from same IP logsource: product: windows service: security detection: selection: EventID: 4625 condition: selection | count() by SourceIP > 5 in 5m falsepositives: - VPN users - Service accounts
win_mimikatz.yml
CRITICAL
Detect credential dumping via Mimikatz patterns
title: Mimikatz Detection id: a6234567-2345-2345-2345-23456789abcd status: stable level: critical description: Detects Mimikatz usage patterns logsource: product: windows service: sysmon detection: selection: EventID: 10 TargetImage|contains: lsass.exe GrantedAccess: '0x1010' condition: selection falsepositives: - Legitimate admin tools
win_susp_powershell.yml
HIGH
Detect encoded PowerShell command execution
title: Suspicious PowerShell id: b7234567-3456-3456-3456-3456789abcde status: stable level: high description: Detects encoded PowerShell commands logsource: product: windows service: powershell detection: selection: EventID: 4104 ScriptBlockText|contains: - '-enc ' - '-encodedcommand ' - 'frombase64' condition: selection
dns_tunneling.yml
MEDIUM
Detect DNS tunneling via high entropy subdomains
title: DNS Tunneling Detection id: c8234567-4567-4567-4567-456789abcdef status: stable level: medium description: Detects DNS tunneling patterns logsource: category: dns detection: selection: query_length|gt: 50 subdomain_entropy|gt: 3.5 condition: selection falsepositives: - CDN queries - Long subdomain services

IOC Quick Lookup

Paste IP, domain, atau hash untuk analisis cepat. (Simulasi - data demo)

❯ IOC Input

Type: -
Threat Level: -
First Seen: -
Last Seen: -
Tags: -
Country: -

Threat Intel Feeds

Sumber intel terintegrasi. Klik untuk kunjungi sumber asli.

Executive & Technical Reports

Template laporan profesional sesuai standar compliance.

[NIST]
NIST SP 800-61
Template incident report sesuai standar NIST untuk federal agencies.
[ISO]
ISO 27001
Format laporan untuk audit ISMS dan compliance certification.
[EXEC]
Executive Summary
Laporan non-teknis untuk C-level. Fokus pada business impact.
[TECH]
Technical Deep-Dive
Laporan detail untuk engineer. Include IOC, timeline, dan remediation steps.

Related Playbooks

Playbook terkait untuk pendalaman materi.

Ready to level up your SOC?

Deploy CyberDeck Blue Team Edition dan tingkatkan MTTD hingga 80%.

[?] Keyboard Shortcuts
Navigation
Open Command Palette
CtrlK
Go to Blue Team
gb
Ctrl+K Commands ? Shortcuts