Daily Monitoring Report

As you know, triaging and investigating case/alert is essential for a SOC Analyst or any security analyst related but that is reactive and depend on alerts and good detection.

Why you should do Daily Monitoring Report

Developing or creating a set of questions that ask 5W on your environment or customer environment that you are monitored benefits you these things:

Good hygiene when you get to review your security tools and event quite frequently -> could catch the bad guys way faster -> Faster dwell time (I don't guarantee 😄this)

How to do it

Create a list consisting of these questions, you can add your own question or anything you like but the core would be this stuff

Network Monitoring

The volume of public servers that trigger alarms
How many bytes that being exfiltrated out of the network and which hosts are doing that

Host Monitoring

Which host has the most alert (optional)

PreviousVLAN Monitoring Template NextGeneral Playbook

Last updated 2 years ago

hashtagWhy you should do Daily Monitoring Report

hashtagHow to do it

hashtagNetwork Monitoring

hashtagHost Monitoring

Why you should do Daily Monitoring Report

How to do it

Network Monitoring

Host Monitoring