Solution Series for the SOC Automation Series
Welcome to the SOCAUTOMATORS series on automating your security operations center. This series of blog posts will help you understand the value of assigning scores to your incidents and serves as an introduction to the Microsoft Sentinel Triage Assistant solution.
88 percent of organizations receive up to 500 alerts per day that are classified as “severe” or “critical”. And 67 percent of those organizations were only able to investigate 10 or fewer of those severe events per day. How can anyone possibly keep up?
This series of posts will show you one possible method to look at alerts/incidents and decide which ones are the most important for your environment. We advocate a “Risk Scoring” methodology for incidents/alerts. Scoring based upon risk brings the incidents that need your attention first to the top of your SOC queue. The remaining incidents/alerts can be automatically closed and/or held for review during defined hunting efforts.
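To make the queue-ordering idea concrete, here is an added example of a minimal risk-scoring triage pass. It is illustration code written for this post, not the Microsoft Sentinel Triage Assistant's own logic: the incident fields (severity, asset criticality, watchlist entity hits), the weights, and the two thresholds that split the queue into "investigate", "hold for hunting" and "auto-close" are all constructed assumptions, as are the five sample incidents.

```python
from dataclasses import dataclass

# Constructed weights for illustration only. A real deployment would tune
# these against its own environment; they are NOT the Sentinel Triage
# Assistant's model.
SEVERITY_WEIGHT = {"Informational": 5, "Low": 15, "Medium": 35, "High": 60}
ASSET_CRITICALITY_WEIGHT = {"standard": 0, "important": 15, "crown-jewel": 30}
ENTITY_HIT_WEIGHT = 10      # per entity found on a watchlist / TI feed
ENTITY_HIT_CAP = 3          # stop rewarding after this many hits
MAX_SCORE = 100


@dataclass
class Incident:
    """Constructed incident shape; fields are assumptions, not a product schema."""
    incident_id: str
    severity: str            # e.g. "High"
    asset_criticality: str   # e.g. "crown-jewel"
    entity_hits: int = 0     # watchlist/TI matches on the incident's entities


def risk_score(inc: Incident) -> int:
    """Combine severity, asset value and enrichment hits into a 0-100 risk score.

    Unknown severity or criticality labels contribute 0 rather than raising, so a
    malformed incident is scored low instead of breaking the triage run.
    """
    score = SEVERITY_WEIGHT.get(inc.severity, 0)
    score += ASSET_CRITICALITY_WEIGHT.get(inc.asset_criticality, 0)
    score += min(inc.entity_hits, ENTITY_HIT_CAP) * ENTITY_HIT_WEIGHT
    return min(score, MAX_SCORE)


def triage(incidents, investigate_at=60, hold_at=30):
    """Split incidents into three queues by risk score.

    Returns a dict with lists of (incident_id, score) tuples:
      "investigate": score >= investigate_at, highest risk first
      "hold":        hold_at <= score < investigate_at, for scheduled hunting
      "auto_close":  score < hold_at
    Ordering is deterministic (score descending, then incident_id) so two
    runs over the same data produce the same queue.
    """
    scored = sorted(
        ((inc.incident_id, risk_score(inc)) for inc in incidents),
        key=lambda pair: (-pair[1], pair[0]),
    )
    queues = {"investigate": [], "hold": [], "auto_close": []}
    for incident_id, score in scored:
        if score >= investigate_at:
            queues["investigate"].append((incident_id, score))
        elif score >= hold_at:
            queues["hold"].append((incident_id, score))
        else:
            queues["auto_close"].append((incident_id, score))
    return queues


# Constructed sample incidents (not real alert data).
SAMPLE_INCIDENTS = [
    Incident("INC-1", "High", "crown-jewel", entity_hits=2),
    Incident("INC-2", "Medium", "standard"),
    Incident("INC-3", "Informational", "standard"),
    Incident("INC-4", "Low", "important", entity_hits=1),
    Incident("INC-5", "High", "standard"),
]


if __name__ == "__main__":
    for queue, items in triage(SAMPLE_INCIDENTS).items():
        print(queue, items)
```

Running it puts INC-1 (capped at 100) and INC-5 (60) at the top of the investigate queue, parks INC-4 (40) and INC-2 (35) for the hunting window, and auto-closes INC-3 (5). The two thresholds are the knobs a SOC would adjust to match the number of incidents its analysts can actually work per day.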