Tuesday, May 13, 2014

SOC Analyst - How not to miss alerts (and get blamed)


Normally you find a lot of unwanted information about SOC work; this article provides some sound advice without all the fluff.



According to the article:-


  1. Since many SOC analysts are new to this field, add documentation to signatures so they can fully understand each signature's context and more easily identify when they should ask for help.
  2. Tune out noisy alerts by providing a mechanism for analysts to easily flag them in the course of their daily duties and setting up a regular meeting to review submitted alerts.
  3. Let analysts focus on their job of analyzing alerts and not side tasks outside of their normal daily responsibilities.
  4. Keep analysts informed of any incident response activities so they can better understand signature context (even if they weren't directly involved) and gain a perspective beyond just the alert queue.
  5. Motivate analysts by giving them training that enhances their abilities in their current job and prepares them for their next one, offering small challenges to test their skills, and recognizing their successes.


The link below has more information:-
