Daily Monitoring Report

As you know, triaging and investigating cases and alerts is essential for a SOC analyst or any related security analyst, but that work is reactive: it depends on alerts firing and on good detection coverage.

Why you should do Daily Monitoring Report

Developing a set of questions that ask the 5W (who, what, when, where, why) about the environment you monitor, whether your own or a customer's, benefits you in these ways:

  • Good hygiene: you get to review your security tools and events frequently -> you could catch the bad guys way faster -> shorter dwell time (I don't guarantee 😄 this)

How to do it

Create a list consisting of these questions. You can add your own questions or anything else you like, but the core would be the following:

Network Monitoring

  • The number of public servers that trigger alarms

  • How many bytes are being exfiltrated out of the network, and which hosts are sending them

Host Monitoring

  • Which host has the most alerts (optional)
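As an added example (not code from the original post), here is a small Python script that answers the three core questions above from daily flow and alert logs. The log formats, the 10.0.0.0/8 internal range, the public-server inventory, the exfiltration threshold and every log line are constructed assumptions for this example; in practice you would feed it exports from your firewall or SIEM.

```python
"""Added example, not part of the original post: answer the daily monitoring
questions (public servers alarming, bytes leaving the network and by which
hosts, noisiest host) from constructed sample logs."""
from collections import Counter, defaultdict
import ipaddress

# Constructed flow records: timestamp src dst dst_port bytes_sent (src -> dst)
FLOW_LOG = """\
2024-05-01T08:00:01 10.0.0.15 203.0.113.9 443 120000
2024-05-01T08:05:12 10.0.0.15 198.51.100.7 443 950000000
2024-05-01T08:07:40 10.0.0.22 203.0.113.9 443 45000
2024-05-01T09:10:03 10.0.0.22 10.0.0.5 445 88000000
2024-05-01T09:30:55 10.0.0.31 198.51.100.200 22 2100000000
"""

# Constructed alert records: timestamp severity host rule
ALERT_LOG = """\
2024-05-01T08:06:00 high 10.0.0.15 large-outbound-transfer
2024-05-01T08:30:00 medium 192.0.2.10 web-scan-detected
2024-05-01T09:00:00 low 10.0.0.22 new-admin-login
2024-05-01T09:31:00 high 10.0.0.31 large-outbound-transfer
2024-05-01T09:45:00 medium 192.0.2.10 web-scan-detected
2024-05-01T10:00:00 medium 192.0.2.11 sqli-attempt
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")            # assumed internal range
PUBLIC_SERVERS = {"192.0.2.10", "192.0.2.11", "192.0.2.12"}  # assumed DMZ inventory
EXFIL_THRESHOLD_BYTES = 500_000_000                          # assumed per-host daily limit


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; skip blank/malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, nbytes = parts
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def parse_alerts(text):
    """Parse whitespace-separated alert lines into dicts; skip malformed lines."""
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, sev, host, rule = parts
        alerts.append({"ts": ts, "severity": sev, "host": host, "rule": rule})
    return alerts


def outbound_bytes_by_host(flows, internal_net=INTERNAL_NET):
    """Bytes leaving the internal network, summed per internal source host.
    Internal-to-internal traffic is ignored so it does not inflate the figure."""
    totals = defaultdict(int)
    for f in flows:
        src_internal = ipaddress.ip_address(f["src"]) in internal_net
        dst_internal = ipaddress.ip_address(f["dst"]) in internal_net
        if src_internal and not dst_internal:
            totals[f["src"]] += f["bytes"]
    return dict(totals)


def public_servers_with_alarms(alerts, public_servers=PUBLIC_SERVERS):
    """Hosts from the public-server inventory that raised at least one alert."""
    return {a["host"] for a in alerts if a["host"] in public_servers}


def alerts_by_host(alerts):
    """Alert count per host, for the 'which host has the most alerts' question."""
    return Counter(a["host"] for a in alerts)


def build_report(flow_text=FLOW_LOG, alert_text=ALERT_LOG):
    """Assemble the daily answers into one dict ready to paste into the report."""
    flows, alerts = parse_flows(flow_text), parse_alerts(alert_text)
    outbound = outbound_bytes_by_host(flows)
    per_host = alerts_by_host(alerts)
    return {
        "public_servers_alarmed": sorted(public_servers_with_alarms(alerts)),
        "total_outbound_bytes": sum(outbound.values()),
        "top_talkers": sorted(outbound.items(), key=lambda kv: kv[1], reverse=True),
        "over_threshold": sorted(h for h, b in outbound.items() if b > EXFIL_THRESHOLD_BYTES),
        "noisiest_host": per_host.most_common(1)[0] if per_host else None,
    }


if __name__ == "__main__":
    for key, value in build_report().items():
        print(f"{key}: {value}")
```

The per-host threshold is the part worth tuning: a fixed byte limit catches the obvious bulk transfer, but comparing each host against its own recent daily average (a baseline you would keep from previous reports) is what makes the "which hosts are sending the bytes" question useful day to day.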
