08. Key components of an effective SOC: Threat Intelligence Platform - vCyber - Final
[Slide diagram: maturity/capability pyramid. Labels: Network/Host, Sandbox, Host & Network Artifacts, Difficult; close ties with Incident Response and Threat Hunting.]
TIP: Unifies external and internal intelligence for higher confidence and better decision making, integrated with security technologies.
[Slide diagram: TIP ecosystem. Labels: Intelligence-driven Playbooks; Sighting Events; Logs & Alerts; CTI Team, SOC Team, IR Blue Team; CTI Mgt, Triage, Forensics, Defence Mgt, Sharing, Incident Response, Vuln Mgt, Threat Hunting; SOC Analysts, SIEM, XDR, Devices. Outcomes: Better Leverage Resources, Improve Collaboration and Communication, Reduce Overall Risk.]
Success Criteria 1: Understand the Stakeholder / Customer Needs
You must:
• Follow the Intelligence Lifecycle. Feedback is the most important step! Garbage In = Garbage Out.
Success Criteria 2: Lay the Foundations for Automation
GOAL: Automate the basics so analysts can spend more time on higher value tasks.
• Enrichment: Check additional sources for available context. Be selective about what you enrich. Don’t enrich everything.
• Scoring and Prioritisation: Don't overwhelm stakeholders with too much information. Only hold what’s relevant and actionable.
• Lifecycle management of IOCs: Ensure IOCs are appropriately vetted prior to use, and timely, as stale IOCs will cause problems.
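The three automation basics above (vetting, scoring with staleness, selective enrichment) are easier to reason about as a small pipeline. The following is an added illustration, not code from the slides or from vCyber or any TIP product: every weight, threshold, half-life, source name and sample indicator in it is a constructed assumption, and the enrichment step is a local lookup table standing in for external context sources. Sighting events from the SIEM feed back into the score, matching the "Sighting Events" arrow in the ecosystem diagram.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# All weights, thresholds and decay rates below are constructed assumptions for
# illustration, not values from the slides or from any real TIP product.
SOURCE_CONFIDENCE = {"internal-ir": 95, "partner-isac": 80, "open-feed": 50}
HALF_LIFE_DAYS = {"ip": 7, "domain": 30, "sha256": 365}  # how fast each type goes stale
ENRICH_THRESHOLD = 60   # enrich only indicators scoring at least this (be selective)
RETIRE_THRESHOLD = 20   # retire indicators that have decayed below this
SIGHTING_BOOST, MAX_BOOST = 10, 30
KNOWN_BENIGN = {"8.8.8.8", "1.1.1.1", "example.com"}     # constructed allowlist stand-in
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)          # fixed clock for reproducibility


@dataclass
class Ioc:
    value: str
    ioc_type: str
    source: str
    last_seen: datetime
    sightings: int = 0               # internal matches reported by SIEM/XDR
    status: str = "candidate"        # candidate -> active | retired | rejected
    context: dict = field(default_factory=dict)


def vet(ioc):
    """Return None if the indicator is fit for use, otherwise the reason to reject it."""
    if ioc.ioc_type not in HALF_LIFE_DAYS or ioc.source not in SOURCE_CONFIDENCE:
        return "unknown type or source"
    if ioc.value in KNOWN_BENIGN:
        return "known benign"
    if ioc.ioc_type == "ip":
        try:
            ipaddress.ip_address(ioc.value)
        except ValueError:
            return "malformed ip"
    elif ioc.ioc_type == "sha256" and not SHA256_RE.match(ioc.value):
        return "malformed sha256"
    return None


def score(ioc, now):
    """Source reliability, halved every HALF_LIFE_DAYS since last seen, boosted by sightings."""
    age_days = max(0.0, (now - ioc.last_seen).total_seconds() / 86400)
    decay = 0.5 ** (age_days / HALF_LIFE_DAYS[ioc.ioc_type])
    boost = min(ioc.sightings * SIGHTING_BOOST, MAX_BOOST)
    return min(100, round(SOURCE_CONFIDENCE[ioc.source] * decay + boost))


def record_sighting(ioc, when):
    """A SIEM/XDR match refreshes the indicator: it is both more relevant and less stale."""
    ioc.sightings += 1
    ioc.last_seen = max(ioc.last_seen, when)


def enrich(ioc):
    """Simulated enrichment: a local table stands in for passive DNS / ASN / sandbox lookups."""
    simulated = {"203.0.113.10": {"asn": "AS64496 (constructed)", "first_reported": "2024-01-20"}}
    ioc.context = simulated.get(ioc.value, {"note": "no additional context"})
    return ioc.context


def process(iocs, now):
    """Vet, score, retire stale entries and enrich only what is worth an analyst's time."""
    result = {"rejected": [], "active": [], "retired": [], "enriched": []}
    for ioc in iocs:
        reason = vet(ioc)
        if reason:
            ioc.status = "rejected"
            result["rejected"].append((ioc.value, reason))
            continue
        s = score(ioc, now)
        if s < RETIRE_THRESHOLD:
            ioc.status = "retired"
            result["retired"].append((ioc.value, s))
            continue
        ioc.status = "active"
        result["active"].append((ioc.value, s))
        if s >= ENRICH_THRESHOLD:
            enrich(ioc)
            result["enriched"].append(ioc.value)
    result["active"].sort(key=lambda t: -t[1])   # highest priority first
    return result


def sample_iocs(now):
    """Constructed feed entries; 203.0.113.10 is from the RFC 5737 documentation range."""
    day = timedelta(days=1)
    return [
        Ioc("203.0.113.10", "ip", "internal-ir", now - 5 * day),
        Ioc("malicious-example.invalid", "domain", "open-feed", now - 45 * day),
        Ioc("ab" * 32, "sha256", "partner-isac", now - 100 * day),
        Ioc("8.8.8.8", "ip", "open-feed", now - day),
        Ioc("not-an-ip", "ip", "open-feed", now - day),
    ]


def run_demo(now=NOW):
    iocs = sample_iocs(now)
    for _ in range(2):                       # two SIEM matches on the IR address yesterday
        record_sighting(iocs[0], now - timedelta(days=1))
    return process(iocs, now)


if __name__ == "__main__":
    for bucket, items in run_demo().items():
        print(bucket, items)
```

The open-feed domain decays below the retirement threshold after 45 days without a sighting, the partner hash keeps a usable score for months because file hashes go stale slowly, and the internal-IR address is capped at 100 once sightings arrive; only the last two are enriched, so the cheap feed entry never costs an enrichment lookup.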
GOAL: Replace impractical systems that did not support their requirements and workflows.