ministryofjustice / analytical-platform

Analytical Platform • This repository is defined and managed in Terraform
https://docs.analytical-platform.service.justice.gov.uk
MIT License

📖 Send logs to XSIAM SoC #5581

Open darren1988 opened 4 days ago

darren1988 commented 4 days ago

User Story

As a Security Operations Centre (SoC), I want to collect and centralise security logs from all relevant systems, applications, and network devices, so that we have a unified source of data for threat detection, correlation, and analysis.…

Value / Purpose

The centralisation of security logs provides a comprehensive overview of our security posture, enabling the Security Operations Centre (SoC) to:

Enhance Threat Detection: By aggregating logs from various sources, we can identify patterns and anomalies that may indicate potential security threats more effectively.

Improve Incident Response: Centralised logs allow for quicker analysis and response to incidents, minimising potential damage and downtime.

Facilitate Compliance: A unified log source helps ensure that we meet regulatory requirements and industry standards for security monitoring and reporting.

Support Forensic Investigations: In the event of a security breach, having all relevant logs in one place allows for thorough investigations and root cause analysis.

Enable Correlation of Events: By correlating logs from different systems, we can gain insights into complex attack vectors and multi-stage attacks that would be difficult to detect in siloed environments.

No response

Useful Contacts

Tevin Jemide & Darren Rooke

User Types

No response

Hypothesis

If we... [do a thing] Then... [this will happen]

Proposal

No response

Additional Information

No response

Definition of Done

Example - [ ] Documentation has been written / updated

tjemideGH commented 3 days ago

I am currently reviewing the incident logs.