Solution Series for the SOC Automation Series
Welcome to the SOCAUTOMATORS series on automating your security operations center. This series of blog posts will help you understand the value of assigning scores to your incidents and serves as an introduction to the Microsoft Sentinel Triage Assistant solution.
88 percent of organizations receive up to 500 alerts per day that are classified as “severe” or “critical”. And 67 percent of those organizations were only able to investigate 10 or fewer of those severe events per day. How can anyone possibly keep up?
This series of posts will show you one possible method to look at alerts/incidents and decide which ones are the most important for your environment. We advocate a “Risk Scoring” of incidents/alerts methodology. Scoring based upon risk, will bring those incidents that need your attention first to the top of your SOC queue. The remaining incidents/alerts can be automatically closed and/or held for review during defined hunting efforts.
Series Posts
Automate your SOC – Let’s talk about STAT, baby
Automate your SOC – Noise is the enemy of speed
Automate your SOC – Risky Business
Automate your SOC – Oh, that user again?
Automate your SOC – Rise of the machine (risk)
Automate your SOC – Is there anything else going on?
Automate your SOC – Known Badness
Automate your SOC – Welcome to the VIP Room
You must log in to post a comment.