I am excited to announce that the SOC Process Framework has been updated and moved into Sentinel's Content Hub for installation across multiple workbooks, watchlists, and the amazing Get-SOCActions Playbook for analyst actions to be taken during Triage and Investigation.
When you click on the SOC Process Framework Tile in Content Hub, you will see the Description details, as well as the content associated with the Framework, i.e. (7) Workbooks, (12) Watchlists, (1) Playbook.
By clicking on the "Install" button, you will be prompted to follow the on-screen instructions.
This Content Hub Solution contains all resources for the SOC Process Framework Microsoft Sentinel Solution. The SOC Process Framework Solution is built in order to easily integrate with Microsoft Sentinel and build a standard SOC Process and Procedure Framework within your Organization.
By deploying this solution, you'll be able to monitor progress within your SOC Operations and update the SOC CMMI Assessment Score. This solution consists of the following resources:
The workbooks contained in this solution have visualizations about the SOC Progress, Procedures, and Activity and provide an overview of the overall SOC Maturity. These workbooks and their dependencies are deployed for you through this solution.
NOTE: Be aware that after you have installed the workbooks, you must save them, edit the Watchlist Queries and run them, so that the link to the deployed watchlists is initialized and the framework can use them.
Please use the steps below to initialize the Watchlist Queries.
Step 1. Save and Open the Workbook, "Update SOC Maturity Score".
Step 2. Edit Workbook and click the Edit button to open the pills.
Step 3. Click the box next to Watchlist.
Step 4. Click the pencil icon to open the Settings Context Pane.
Step 5. Click the "Run Query" button to execute the query and initialize the link between the workbook and the watchlists.
Step 6. Click the "Save" Icon to save these settings.
Step 7. Click Done Editing in the Workbook.
Step 8. Click the "Save" Icon in the Workbook to save the Workbook.
Step 9. Repeat Steps for the Workbooks called out below.
Repeat this process for the following Workbooks:
The watchlists contained within this solution hold information that pertains to Incident Response Planning, the SOC Maturity (CMMI) Scoring, Recommended SOC Actions, and more. All of these watchlists give the customer an easy way to update pertinent information regarding their SOC Operations.
Currently the only Playbook in this solution is the Get-SOCActions Playbook for delivering custom Analyst Actions to take per Incident. This gives Organizations the ability to create/add their own scripted actions they want an Analyst to take. After deploying this Solution, please see the Post-Deployment Instructions before executing the Playbook.
After deploying this Solution and its associated playbook, you must authorize the connections leveraged within the Playbook before running.
Note: If you've deployed the [SOC Process Framework Playbook](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SOC Process Framework/Playbooks/Get-SOCActions/azuredeploy.json) playbook, you will only need to authorize the Microsoft Sentinel connection.
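As an added example (not part of the solution or this post), here is a small check for that post-deployment step: given the playbook's workflow resource and the resource group's API connection resources as returned by Azure Resource Manager (constructed samples below, shaped like those responses; the subscription, resource group and connection names are placeholders), it reports which connections the playbook references that are not yet authorized.

```python
"""Report which API connections a Sentinel playbook references still need authorizing.

Sample data is constructed and shaped like ARM responses for Microsoft.Logic/workflows
and Microsoft.Web/connections; <sub>, <rg> and the connection names are placeholders.
"""
CONN_ID = "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Web/connections/azuresentinel-Get-SOCActions"

WORKFLOW = {  # constructed: the playbook's $connections parameter, as deployed
    "name": "Get-SOCActions",
    "properties": {"parameters": {"$connections": {"value": {
        "azuresentinel": {"connectionId": CONN_ID, "connectionName": "azuresentinel-Get-SOCActions"},
    }}}},
}

CONNECTIONS = [  # constructed: the Sentinel connection resource before anyone has authorized it
    {"id": CONN_ID, "name": "azuresentinel-Get-SOCActions", "properties": {
        "api": {"name": "azuresentinel"},
        "statuses": [{"status": "Error", "error": {"code": "Unauthenticated",
                                                   "message": "This connection is not authenticated."}}],
    }},
]


def referenced_connections(workflow):
    """Map each connection key the playbook uses to its connection resource ID (lower-cased)."""
    value = workflow["properties"]["parameters"].get("$connections", {}).get("value", {})
    return {key: c["connectionId"].lower() for key, c in value.items()}


def unauthorized_connections(workflow, connections):
    """Return (key, reason) for every referenced connection whose status is not 'Connected'."""
    by_id = {c["id"].lower(): c for c in connections}
    pending = []
    for key, cid in referenced_connections(workflow).items():
        res = by_id.get(cid)
        if res is None:  # playbook points at a connection resource that does not exist
            pending.append((key, "missing"))
            continue
        statuses = res["properties"].get("statuses") or []
        if not any(s.get("status") == "Connected" for s in statuses):
            first = statuses[0] if statuses else {}
            pending.append((key, first.get("error", {}).get("code", first.get("status", "no status"))))
    return pending


if __name__ == "__main__":
    for key, reason in unauthorized_connections(WORKFLOW, CONNECTIONS):
        print(f"{WORKFLOW['name']}: connection '{key}' needs authorizing ({reason})")
```

Once the Microsoft Sentinel connection has been authorized in the portal, the same check returns an empty list.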
Now that I have covered the installation of this framework, let's get to the content updates that have been made to this solution as a whole that I know you will be excited to learn more about!
This solution contains a large number of updates:
This solution is supported by Microsoft Support and will be updated regularly with new content. We hope you enjoy the new version of the SOC Process Framework and that it will help you to mature your business's SOC Operations!