EC-Council: Computer Hacking Forensic Investigator (CHFI v10)
Module 1: Computer Forensics in Today's World
SOC Workflow
A Security Operations Center (SOC) is a centralized unit that continuously monitors and analyzes ongoing activity on an organization's information systems (networks, servers, endpoints, databases, applications, websites, and so on) in order to detect anomalies.
The typical SOC workflow includes the following activities:
▪ Collection: Security logs are collected and forwarded to Security Information and Event Management (SIEM).
▪ Ingestion: SIEM ingests log data, threat information, indicators of compromise, and asset inventory for machine-based correlation and anomalous activity detection.
▪ Validation: SOC analysts identify the indicators of compromise, triage alerts, and validate incidents.
▪ Reporting: Validated incidents are submitted to the incident response teams through a ticketing system.
▪ Response: The SOC team reviews incidents and performs incident response activities. Simultaneously, a digital forensics investigation team conducts a detailed forensics investigation.
▪ Documentation: In the final step, incidents are documented for business audit purposes.
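The collection, ingestion, validation and reporting steps above, modelled as a small correlation pipeline. This is an added illustration, not EC-Council course material; the log lines, IoC list and asset inventory are constructed (documentation-range addresses, not real indicators), and the severity and de-duplication rules are assumptions chosen for the example.

```python
"""Toy SIEM correlation pipeline for the SOC workflow above:
collection -> ingestion -> validation -> reporting. Constructed data only."""
import re
# Constructed sample input: forwarded firewall logs, a threat-intel IoC list
# (documentation-range addresses, not real indicators) and an asset inventory.
RAW_LOGS = [
    "2024-05-01T10:00:01 host=web01 src=10.0.0.5 dst=203.0.113.50 action=allow",
    "2024-05-01T10:00:07 host=db01 src=10.0.0.9 dst=192.0.2.77 action=allow",
    "2024-05-01T10:00:09 host=web01 src=10.0.0.5 dst=198.51.100.1 action=allow",
    "2024-05-01T10:00:11 host=db01 src=10.0.0.9 dst=192.0.2.77 action=allow",
    "malformed line that the parser must skip",
]
IOC_IPS = {"203.0.113.50", "192.0.2.77"}      # ingested threat feed (constructed)
ASSETS = {"web01": "medium", "db01": "high"}  # asset criticality (constructed)
LOG_RE = re.compile(r"(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
                    r"dst=(?P<dst>\S+) action=(?P<action>\S+)")

def ingest(lines):
    """Ingestion: parse forwarded log lines into structured events."""
    return [m.groupdict() for m in map(LOG_RE.match, lines) if m]

def correlate(events, iocs=IOC_IPS, assets=ASSETS):
    """Machine correlation: flag events whose destination matches an IoC and
    raise severity when the source host is a high-criticality asset."""
    alerts = []
    for e in events:
        if e["dst"] in iocs:
            sev = "critical" if assets.get(e["host"]) == "high" else "high"
            alerts.append({**e, "severity": sev})
    return alerts

def validate(alerts):
    """Validation/triage: fold repeated hits on the same (host, IoC) pair into
    one incident with a hit count, ordered most severe first."""
    incidents = {}
    for a in alerts:
        inc = incidents.setdefault((a["host"], a["dst"]), {
            "host": a["host"], "ioc": a["dst"], "severity": a["severity"],
            "first_seen": a["ts"], "hits": 0})
        inc["hits"] += 1
    return sorted(incidents.values(), key=lambda i: i["severity"] != "critical")

def report(incidents):
    """Reporting: hand validated incidents to IR as ticket records."""
    return [{"ticket_id": f"INC-{n:04d}", **inc, "status": "open"}
            for n, inc in enumerate(incidents, 1)]

def run_pipeline(lines=RAW_LOGS):
    return report(validate(correlate(ingest(lines))))
```

Running `run_pipeline()` on the constructed logs yields two open tickets: a critical one for db01 with two hits on the same IoC, and a high one for web01.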