This is something that’s been on my mind for a long time and with an upcoming in-person conference on my docket, I figured it was time to see it through. This was a feature that was raised by a customer a couple years ago. They wanted a standard number, much like a “credit” score, that would supply them with intelligence to know their daily and weekly workload and their security stance, among other things. Like a credit score, security teams can perform activities to improve the number.
This “invention” will eventually exhibit itself in an Azure Sentinel Workbook. So, as security teams do those things that improve the numbers, they can actively watch the numbers improve.
But, to get there, I need your help with getting solid numbers to make sure my approach is correct.
So, if you believe you’re a well-oiled, high-performing Azure Sentinel SOC, please run the following queries and flash me your numbers on Twitter (@rodtrent) or send them to me over LinkedIn mail.
- Overall SOC Score: https://cda.ms/2QK
- SOC Incident Score: https://cda.ms/2QL
- SOC Severity Score: https://cda.ms/2QM
These numbers are just a sampling of what the Workbook will contain, but are the basis for everything else.
Thanks in advance for your help! And, heck, if you find a bug in my initial queries, I may even send you something.