Corelight Use Cases

A map of Corelight Use Cases

1. Security

1.1. Threat Detection

1.1.1. Malicious IP Traffic

1.1.2. Exploitations of New 0-Days

1.1.3. Beaconing Activity

1.1.4. Ransomware

1.1.5. Spear Phishing Attempts

1.1.6. Malicious TLS Connections

1.1.7. Scans & Port-Knocking

1.1.8. Unauthorized Proxies

1.1.9. RDP/RDS Vulnerabilities

1.2. Incident Response

1.2.1. Assess Scope of Attack

1.2.2. C2 Beaconing Over DNS

1.2.3. Identify DDoS Attacks

1.2.4. Unauthorized SMB File Access

1.3. SOAR Enhancements

1.3.1. Rogue DNS Queries

1.4. Threat Hunting

1.4.1. Mismatched MIME-types

1.4.2. Malicious File Downloads

1.4.3. Protocol Abuse/Deception

1.4.4. DNS Data Exfiltration

1.5. SMB v1 Usage on Network

2. NetOps

2.1. Monitoring

2.1.1. Network Performance

2.1.2. VoIP Performance

2.1.3. DNS Performance

2.1.4. Off Port Protocol Usage

2.1.5. Closed Account Activity

2.1.6. SQL Database Traffic

2.2. Troubleshooting

2.2.1. Load Balancer Performance

2.2.2. Firewall Packet Loss

2.2.3. Fragmented Network Traffic

2.3. Compliance

2.3.1. Certificate Policy Enforcement

2.3.2. Restricted Software Usage

2.3.3. Rogue Device Detection

2.3.4. Cryptomining Detection

2.3.5. Transport Encryption Compliance

2.3.6. Detect Restricted Cleartext

2.4. Fraud Detection

2.4.1. Network-to-App Correlation

2.4.2. 3rd Party Network Forensics