This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.
In this 8 part video series learn how to use the SOC Process Framework to manage your security team or Security Operations Center. You will hear expert level conversations about the development and implementation of security processes and procedures. This SOC-in-a-box approach provides easy to customize workflows and a standards-based framework to help you implement and continuously improve the multiple processes and procedures required by any modern security operations team.
The SOC Process Framework Workbook is available in the Azure Sentinel Workbook Gallery:
Video 1 of an 8 Part Video Series : SOC Process Framework – Overview of the SOC Process Framework
Teaser – An introduction to the SOC Process Framework and why it was developed.
Message – A conversation between Rin Ure, author of the SOC Process Framework, and Mark Simos, Lead Cyber Security Architect, to provide an overview of the SOC Process Framework and its key components. Rin walks through this Azure Sentinel Workbook and provides information on how you can implement and customize it to implement and mature any sized security team or full-scale Security Operations Center, using industry standards and recommendations.
Video 2 of an 8 Part Video Series : SOC Process Framework – High Level Topics
Teaser – How to customize and get started with the SOC Process Framework.
Message – Rin discusses using the editing capabilities to customize the workbook. Topics include Internal Contacts, SOC Roles and Responsibilities, Tools and Resources, and the Microsoft Learn built-in resources.
Video 3 of an 8 Part Video Series : SOC Process Framework – Incident Response Framework & Procedures
Teaser – Deep dive into the Incident Response Framework.
Message – Rin provides a detailed explanation of the Incident Response Framework, how to work an incident between support groups, and focusing on critical outcomes. Understand why it is necessary to use tags, comments, and bookmarks in the incident to speed up the investigation and ensure measurable KPIs. Learn about the importance of a Shift Log to ensure consistency between SOC teams and following an incident from response to remediation and recovery.
Video 4 of an 8 Part Video Series : SOC Process Framework – Analytical Processes & Procedures
Teaser – Processes and procedures required to improve incident response.
Message – Rin provides a rundown of the various SOC Analytical Processes and Procedures provided in the workbook. These procedures cover the ability to triage, investigate, and hunt.
Video 5 of an 8 Part Video Series : SOC Process Framework – Operational Processes & Procedures – Part A
Teaser – Document and improve critical teamwork procedures (Part A).
Message – Learn about the core definition of operational processes and procedures for any sized security team. Define your service level agreements, criticality, and procedures for urgency and expedited escalation. Learn about some advanced features, such as search and investigation graph, to improve the investigation process. In this extended session you will also learn about using Microsoft Teams integration to automate the process and collaboration required for incident response. Rin walks through an example triage process, adding tags and custom status flags to improve the engineering process and automation capabilities.
Video 5 of an 8 Part Video Series : SOC Process Framework – Operational Processes & Procedures – Part B
Teaser – Document and improve critical teamwork procedures (Part B).
Message – Rin defines how SOC teams work on shifts and with other teams, create reports and use these insights to improve SOC processes and procedures to ensure strong teamwork and an optimal working environment for this business-critical capability.
Video 6 of an 8 Part Video Series : SOC Process Framework – Business Processes & Procedures
Teaser – Develop and improve the efficiency and efficacy of security operations.
Message – Learn about how to define and track business metrics using the SOC Efficiency Metrics workbook. Understand how Agile SOC Operations can drive continuous improvements to detection and response capabilities. This session also covers the need to document standards, policies, and processes, especially useful for compliance audits.
Video 7 of an 8 Part Video Series : SOC Process Framework – Technology Processes & Procedures
Teaser – Define and improve the security technology design and architecture.
Message – Rin and Richard explain why and how to document design processes, technology architectures, identify technology owners, and review regularly to ensure optimal performance for security operations. This session also covers the importance of documenting best practices for developing rule queries, alert enrichment, incident creation and other core components of technology configuration.
Video 8 of an 8 Part Video Series : SOC Process Framework – SOC Actions
Teaser – Dynamic provisioning of action steps for every incident using watchlists and an Automated Playbook.
Message – Rin provides a demonstration and walk-through guide for creating dynamic updates to incidents. This solution is created using a playbook and custom watchlists that can associate specific steps to each incident type as it is generated, helping to optimize the Security Analysts triage process. You can customize this approach for your environment and extend this idea for your other uses.
I look forward to reading your comments and hearing your feedback regarding this comprehensive video series.
Reviewers:
- Rin Ure (Principal Security Lead)
- My YouTube Channel: https://www.youtube.com/channel/UCQBN4fDXmXZTMib7t14fXwA
- Mark Simos (Dir Business Strategy)
- Richard Diver (Sr Business Strategy Mgr)
- Paulette Lee (CSG Mgmt)