What’s New: Azure Sentinel – SOC Process Framework 8 Part Video Series!

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

[Image: SOC Process Framework video series]

In this 8-part video series, learn how to use the SOC Process Framework to manage your security team or Security Operations Center. You will hear expert-level conversations about the development and implementation of security processes and procedures. This SOC-in-a-box approach provides easy-to-customize workflows and a standards-based framework to help you implement and continuously improve the many processes and procedures required by any modern security operations team.


The SOC Process Framework Workbook is available in the Azure Sentinel Workbook Gallery:

[Image: Azure Sentinel Workbook Gallery]

Video 1 of an 8 Part Video Series: SOC Process Framework – Overview of the SOC Process Framework

Teaser – An introduction to the SOC Process Framework and why it was developed.

Message – A conversation between Rin Ure, author of the SOC Process Framework, and Mark Simos, Lead Cyber Security Architect, providing an overview of the SOC Process Framework and its key components. Rin walks through this Azure Sentinel Workbook and explains how you can implement and customize it to build and mature a security team of any size, up to a full-scale Security Operations Center, using industry standards and recommendations.

Video 1 Link – https://youtu.be/RnPMwy7AoS0

Video 2 of an 8 Part Video Series: SOC Process Framework – High Level Topics

Teaser – How to customize and get started with the SOC Process Framework.

Message – Rin discusses using the workbook's editing capabilities to customize it. Topics include Internal Contacts, SOC Roles and Responsibilities, Tools and Resources, and the built-in Microsoft Learn resources.

Video 2 Link – https://youtu.be/JYj2_0fF0PY

Video 3 of an 8 Part Video Series: SOC Process Framework – Incident Response Framework & Procedures

Teaser – Deep dive into the Incident Response Framework.

Message – Rin provides a detailed explanation of the Incident Response Framework, how to work an incident across support groups, and how to focus on critical outcomes. Understand why tags, comments, and bookmarks in the incident are necessary to speed up the investigation and produce measurable KPIs. Learn about the importance of a Shift Log for ensuring consistency between SOC teams and for following an incident from response through remediation and recovery.

Video 3 Link – https://youtu.be/zmEmREqCRcY

Video 4 of an 8 Part Video Series: SOC Process Framework – Analytical Processes & Procedures

Teaser – Processes and procedures required to improve incident response.

Message – Rin provides a rundown of the SOC Analytical Processes and Procedures provided in the workbook. These procedures cover triage, investigation, and hunting.

Video 4 Link – https://youtu.be/pgcMsv39090

Video 5 of an 8 Part Video Series: SOC Process Framework – Operational Processes & Procedures – Part A

Teaser – Document and improve critical teamwork procedures (Part A).

Message – Learn about the core definition of operational processes and procedures for a security team of any size. Define your service level agreements, criticality levels, and procedures for urgency and expedited escalation. Learn about advanced features, such as search and the investigation graph, that improve the investigation process. In this extended session you will also learn how to use the Microsoft Teams integration to automate the process and collaboration required for incident response. Rin walks through an example triage process, adding tags and custom status flags to improve the engineering process and automation capabilities.

Video 5a Link – https://youtu.be/J1uUSQTWskU

Video 5 of an 8 Part Video Series: SOC Process Framework – Operational Processes & Procedures – Part B

Teaser – Document and improve critical teamwork procedures (Part B).

Message – Rin defines how SOC teams work on shifts and with other teams, how they create reports, and how they use those insights to improve SOC processes and procedures, ensuring strong teamwork and an optimal working environment for this business-critical capability.

Video 5b Link – https://youtu.be/HE_sAiJXPqY

Video 6 of an 8 Part Video Series: SOC Process Framework – Business Processes & Procedures

Teaser – Develop and improve the efficiency and efficacy of security operations.

Message – Learn how to define and track business metrics using the SOC Efficiency Metrics workbook. Understand how Agile SOC Operations can drive continuous improvement of detection and response capabilities. This session also covers the need to document standards, policies, and processes, which is especially useful for compliance audits.

Video 6 Link – https://youtu.be/gRwaqzo91XU

Video 7 of an 8 Part Video Series: SOC Process Framework – Technology Processes & Procedures

Teaser – Define and improve the security technology design and architecture.

Message – Rin and Richard explain why and how to document design processes and technology architectures, identify technology owners, and review them regularly to ensure optimal performance for security operations. This session also covers the importance of documenting best practices for developing rule queries, alert enrichment, incident creation, and other core components of technology configuration.

Video 7 Link – https://youtu.be/CKNVFHchWh4

Video 8 of an 8 Part Video Series: SOC Process Framework – SOC Actions

Teaser – Dynamic provisioning of action steps for every incident using watchlists and an Automated Playbook.

Message – Rin provides a demonstration and walk-through guide for creating dynamic updates to incidents. The solution is built from a playbook and custom watchlists that associate specific action steps with each incident type as the incident is generated, helping to streamline the Security Analyst's triage process. You can customize this approach for your environment and extend the idea to other uses.

Video 8 Link – https://youtu.be/c3VnQPYEIDY

I look forward to reading your comments and hearing your feedback regarding this comprehensive video series.
