From my Gartner Blog - Are Security Monitoring Alerts Becoming Obsolete?
blog.securitybalance.com
If I ask anyone working in a SOC for a high-level description of their monitoring process, the answer will most likely look like this: “The SIEM generates an alert, the first-level analyst validates it and sends it to the second level. Then…” Most SOCs today work by putting their first-level analysts – the most junior analysts, usually assigned to be the 24×7 eyes on the console – to parsing the alerts generated by their security monitoring infrastructure and deciding whether each one needs action by the more experienced and skilled second level. There is usually some prioritization of the alerts through the assignment of severity levels, reminiscent of the old syslog severity labels such as CRITICAL, WARNING, INFORMATIONAL and DEBUG.