Are you planning a SOC or SIEM project?
And are you looking for the right kick-off?
SOC Workshop with Use Case & Attack Scenarios
SOC projects are complex. Resources are scarce and time is of the essence. Where to start?
Connection between SOC and Use Cases
Before you can build a SOC solution, you need to know which scenarios are important for you, i.e. which attacks you have to expect and which use cases are suitable for your company.
Don't waste time - use resources cleverly
Don't lose time defining use cases yourself. Based on the experience of more than 100 SIEM & SOCP projects, terreActive has developed a standard method to implement the right use cases for every company. We have a database of around 200 use cases at our disposal. Take advantage of this.
Start your SOC project with a workshop
- In the workshop, we work with you to determine which use cases are relevant for your company, tailored to your circumstances, compliance requirements and resources.
- We help you to determine the need for logs, tools and resources from the use cases.
- Together, we will outline what a SIEM or SOC project could look like for you.
What is a Use Case?
A use case defines an attack. Multiple use cases can be linked by a security monitoring solution (e.g. SIEM, Vectra) to detect an actual attack on the customer's infrastructure.
Possible category: Cyber Kill Chain
When setting up a SIEM, it must be ensured that all phases of an attack are covered. If you concentrate on only one part, the risk of an attack remaining undetected increases. We therefore divide the use cases into categories that correspond to the phases of an attack, the Cyber Kill Chain.
Possible additional categories: NIST, FINMA, ISO
These are additional categories that can be used to select the use cases that are important to you. As soon as we know which standards are relevant for you, we can make recommendations for the use cases for your project.
Finding your topic with hands-on experienced play cards
In this way, you will be introduced to the topic with practical help without having to do much preparatory work yourself. You simply bring along a list of the log sources that you already use and define your most important sensitive data in advance.
Please allow one working day for the joint workshop. In addition, there is one day each for preprocessing and postprocessing by terreActive.
We would be pleased to inform you, without obligation, about:
- Procedure and method
- Output, results and benefits
- Preparatory work
- Duration of the workshop