Lesson 3 of 7

Applying the Service-Driven Model to the SOC

Each SOC service is described with the same three elements: what it consumes (input), what it does with it (process), and what it delivers to its consumers (output).

Monitoring & Detection

  • Input: Logs, Threat Intelligence
  • Process: Correlation, enrichment
  • Output: Alerts
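To make the input/process/output view concrete for this service, here is an added example (not from the original lesson) of a minimal detection pipeline: it parses constructed log lines, enriches them against a constructed threat-intelligence feed, correlates them with two rules, and emits alerts. The key=value log format, the rule names, and the indicator values (drawn from the TEST-NET documentation ranges, not real IOCs) are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed threat-intelligence feed: hypothetical indicators from the
# TEST-NET documentation ranges, not real IOCs.
THREAT_INTEL = {
    "203.0.113.45": {"tag": "credential-stuffing source", "confidence": 80},
    "198.51.100.7": {"tag": "known C2 server", "confidence": 95},
}

# Constructed sample log lines; the key=value layout is an assumed format.
SAMPLE_LOGS = """\
ts=2024-05-01T10:00:01Z src=203.0.113.45 user=alice action=login result=fail
ts=2024-05-01T10:00:02Z src=203.0.113.45 user=alice action=login result=fail
ts=2024-05-01T10:00:03Z src=203.0.113.45 user=alice action=login result=fail
ts=2024-05-01T10:00:09Z src=203.0.113.45 user=alice action=login result=success
ts=2024-05-01T10:05:00Z src=10.0.0.5 user=bob action=login result=success
ts=2024-05-01T10:06:00Z src=10.0.0.5 dst=198.51.100.7 action=connect result=allow
"""


def parse_logs(text):
    """Input stage: turn raw key=value lines into event dicts."""
    events = []
    for line in text.splitlines():
        if line.strip():
            events.append(dict(tok.split("=", 1) for tok in line.split()))
    return events


def enrich(event, intel):
    """Enrichment: attach TI context when src or dst matches an indicator."""
    for field in ("src", "dst"):
        hit = intel.get(event.get(field))
        if hit:
            return {**event, "ioc": event[field], "ioc_tag": hit["tag"],
                    "ioc_confidence": hit["confidence"]}
    return event


def correlate(events, fail_threshold=3):
    """Correlation: one TI-based rule and one behavioural rule.

    Rule A: any event touching a known indicator (alert once per indicator,
            so a noisy source does not produce one alert per log line).
    Rule B: at least fail_threshold failed logins followed by a success for
            the same (src, user) pair, i.e. a likely password-guessing success.
    """
    alerts = []
    seen_iocs = set()
    failures = defaultdict(int)
    for ev in events:
        if "ioc" in ev and ev["ioc"] not in seen_iocs:
            seen_iocs.add(ev["ioc"])
            alerts.append({"rule": "ti-match", "severity": "medium",
                           "indicator": ev["ioc"], "tag": ev["ioc_tag"],
                           "ts": ev["ts"]})
        if ev.get("action") == "login":
            key = (ev["src"], ev["user"])
            if ev["result"] == "fail":
                failures[key] += 1
            elif ev["result"] == "success":
                if failures[key] >= fail_threshold:
                    alerts.append({"rule": "brute-force-success",
                                   # TI context on the source raises severity
                                   "severity": "critical" if "ioc" in ev else "high",
                                   "src": ev["src"], "user": ev["user"],
                                   "failed_attempts": failures[key],
                                   "ts": ev["ts"]})
                failures[key] = 0
    return alerts


def run_pipeline(text, intel):
    """Input (logs + TI) -> process (enrich, correlate) -> output (alerts)."""
    return correlate([enrich(e, intel) for e in parse_logs(text)])


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS, THREAT_INTEL):
        print(alert)
```

On the constructed input this yields three alerts: one TI match for the login source, one brute-force-success alert rated critical because the same source is on the feed, and one TI match for the outbound connection to the listed C2 address. Deduplicating TI matches per indicator and letting enrichment adjust severity are the two design choices that keep the output an alert queue an analyst can work rather than a copy of the log.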

Threat Intelligence

  • Input: OSINT, Commercial, Internal Data
  • Process: Analysis
  • Output: Feeds, Advisories

Malware Analysis

  • Input: Malware sample
  • Process: Analysis
  • Output: Malware Analysis Report

Forensic Analysis

  • Input: Forensic images, Memory dumps
  • Process: Analysis
  • Output: Forensic Analysis Report

Incident Response

  • Input: Incident Analysis Outcome
  • Process: Containment & Recovery
  • Output: After-Event Report

Metrics & Reporting

  • Input: Data from varied systems
  • Process: Correlation, Analysis
  • Output: Dashboards, Reports

Compliance

  • Input: Current State
  • Process: Assessment, Assurance
  • Output: Reports, Recommendations

Service Management

  • Input: Service Requests
  • Process: Service Provision
  • Output: Service Catalogue