This template provides one of many options for formatting the standard weekly and/or monthly report produced by the SOC. The report looks at the overall performance of the SOC based on four criteria:
- Information Dissemination
The following KPIs and associated metrics are considered vital when ascertaining the overall performance of the SOC.
- Security Advisories: Lists the details of the advisories issued by the SOC, per priority.
- Training Support: Lists the details of the training and awareness initiatives during the reporting period. The total coverage spans X workshops with a listed participation of Y participants across the organisation.
- Security Advisories segregated by Categories: The issued advisories are segregated as below into the top seven (7) categories, further distinguished by their respective priorities:
- Prioritized View of Incidents per Vendor: An account of the number of incidents per third-party vendor, further distinguished by the respective incident priority level.
- Top Five Prioritized Sources of Vulnerabilities by Vendor: Shows the top five vulnerabilities by vendor.
- Endpoint Detection Metrics for Email Gateway: The account of email infrastructure-related detections provided by the endpoint solution. It is common to see a high number of malware detections at the gateway, with a gradual drop in the number of malicious files that eventually make it past to the recipient.
- Application Vulnerabilities distributed by Type, uncovered through penetration testing, exploit news or vendor notification. The classification usually follows the OWASP Top 10, which represents a broad consensus about the most critical web and mobile application security flaws.
- Top 10 Triggered SIEM Rules
- Top 10 SIEM Rules with Highest False Positive Ratio
- Criticality of Responses
- Open Incidents per Month (new incidents)
- Top 10 Targets, usually the ones accessible from the outside world:
  - Web Applications
  - Wireless Network
  - Intrusion Detection System (IDS)
  - Intrusion Prevention System (IPS)
  - Spear Phishing Campaigns
  - Cloud-based Payroll Server
  - Email Gateway
  - Internet Webservers
- Average Number of Log Events per Second (EPS): A performance metric that demonstrates log throughput, i.e. consumption per second, and the resulting event and incident correlation load.
- Endpoint Detection Metrics
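Three of the KPIs above (Top 10 Triggered SIEM Rules, Top 10 SIEM Rules with Highest False Positive Ratio, and Average EPS, plus the per-vendor incident view) can be computed directly from analyst dispositions and log counts. The following is an added illustration, not part of the original template: it uses constructed sample records and assumes a simple (rule, verdict) tuple format, and it applies a minimum-alert threshold so that a rule that fired once and was a false positive does not top the ratio table.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample SIEM alert dispositions for one reporting period (not real data).
# Each record is (rule name, analyst verdict); verdict is "TP" or "FP".
ALERT_DISPOSITIONS = [
    ("Brute force login", "FP"), ("Brute force login", "FP"), ("Brute force login", "TP"),
    ("Malware beacon", "TP"), ("Malware beacon", "TP"),
    ("Port scan", "FP"), ("Port scan", "FP"), ("Port scan", "FP"), ("Port scan", "TP"),
    ("DLP keyword", "FP"),  # fired once: ratio 1.0 but statistically meaningless
]

# Constructed sample incidents: (third-party vendor, priority level).
INCIDENTS = [("VendorA", "P1"), ("VendorA", "P3"), ("VendorA", "P3"), ("VendorB", "P2")]


def top_triggered_rules(dispositions, top_n=10):
    """Top N rules by number of alerts raised in the period."""
    return Counter(rule for rule, _ in dispositions).most_common(top_n)


def top_rules_by_fp_ratio(dispositions, top_n=10, min_alerts=2):
    """Rank rules by false-positive ratio (FP alerts / all alerts).
    Rules with fewer than min_alerts alerts are excluded so that a single
    noisy alert does not dominate the ranking."""
    triggered = Counter(rule for rule, _ in dispositions)
    false_pos = Counter(rule for rule, verdict in dispositions if verdict == "FP")
    ranked = [
        (rule, false_pos[rule] / triggered[rule], triggered[rule])
        for rule in triggered if triggered[rule] >= min_alerts
    ]
    # Highest ratio first; ties broken by alert volume, then by name for stability.
    ranked.sort(key=lambda r: (-r[1], -r[2], r[0]))
    return ranked[:top_n]


def incidents_per_vendor_by_priority(incidents):
    """Count incidents per third-party vendor, broken down by priority level."""
    table = defaultdict(Counter)
    for vendor, priority in incidents:
        table[vendor][priority] += 1
    return {vendor: dict(counts) for vendor, counts in table.items()}


def average_eps(event_count, period_start, period_end):
    """Average log events per second over the reporting window."""
    seconds = (period_end - period_start).total_seconds()
    if seconds <= 0:
        raise ValueError("period_end must be after period_start")
    return event_count / seconds
```

Lower min_alerts to 1 to see the single-alert DLP rule jump to the top of the false-positive table; that is exactly the distortion the threshold is meant to prevent.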
This criterion shows the efficacy of the SOC in terms of sharing information with internal and external customers, as appropriate.
- Top 5 origins of inbound information requests, distributed by month.
- Total number and trend of security advisories issued.