Analysts can flexibly use some or all of the available tools to triage and investigate incidents. Microsoft Sentinel offers a range of tools that map to a typical analyst workflow, from incident assignment to closure. This article describes how to update your SOC and analyst processes as part of your migration to Microsoft Sentinel. To successfully migrate to Microsoft Sentinel, you need to update not only the technology that the SOC uses, but also the SOC tasks and processes. The teams then co-relate and analyze the data, to determine how to manage the data and which actions to take. SOC teams use telemetry from across the organization's IT infrastructure, including networks, devices, applications, behaviors, appliances, and information stores. SOC teams, led by a SOC manager, may include incident responders, SOC analysts at levels 1, 2, and 3, threat hunters, and incident response managers. The SOC collaborates the organizational efforts to monitor, alert, prevent, detect, analyze, and respond to cybersecurity incidents. A SOC implements the organization's overall cybersecurity framework. A security operations center (SOC) is a centralized function within an organization that integrates people, processes, and technology.
0 kommentar(er)
