Automate your SOC – All in One

Solution Series for the SOC Automation Series

Welcome to the SOCAUTOMATORS series on automating your security operations center. This series of blog posts will help you understand the value of assigning scores to your incidents and serves as an introduction to the Microsoft Sentinel Triage Assistant solution.

88 percent of organizations receive up to 500 alerts per day that are classified as “severe” or “critical”. And 67 percent of those organizations were only able to investigate 10 or fewer of those severe events per day. How can anyone possibly keep up?

This series of posts will show you one possible method for looking at alerts/incidents and deciding which ones are the most important for your environment. We advocate a “Risk Scoring” methodology for incidents/alerts. Scoring based upon risk brings the incidents that need your attention first to the top of your SOC queue. The remaining incidents/alerts can be automatically closed and/or held for review during defined hunting efforts.

Series Posts

Welcome to…the SOCAutomators

Automate your SOC

Automate your SOC – Let’s talk about STAT, baby

Automate your SOC – Noise is the enemy of speed

Automate your SOC – Risky Business

Automate your SOC – Oh, that user again?

Automate your SOC – Rise of the machine (risk)

Automate your SOC – Is there anything else going on?

Automate your SOC – Known Badness

Automate your SOC – Welcome to the VIP Room