New Blog Post | Who Watches the SOC Team? Enabling Audit/Risk Teams to Monitor the SOC

Microsoft

Who Watches the SOC Team? Enabling Audit/Risk Teams to Monitor the SOC - Microsoft Tech Community

This blog discusses methods to monitor the actions of the SOC team from a risk and auditing standpoint. There is a need in the field for monitoring actions performed by the SOC engineers in an environment. Currently, the Log Analytics workspace saves queries performed by users within the environment. The queries that an auditor or risk assessment user performs for reporting should not be seen by the SOC team and need to be masked or hidden. Log Analytics does not allow for that type of functionality.

Original Post: New Blog Post | Who Watches the SOC Team? Enabling Audit/Risk Teams to Monitor the SOC - Microsoft T...
