This service includes the following:
The selection of possible SIEM use cases is vast. A company must, therefore, know exactly which SIEM use cases make sense for the company’s threats. The use cases should be selected based on risk.
The scope of the service includes the conception, planning, and control of the SIEM expansion project according to existing specifications and goals. After a structured collection of the threats and attack vectors relevant to the company, the security-critical events to be detected are derived from them.
Based on these events, the use cases that best cover the identified scenarios are selected. These are compared with the existing use cases in order to avoid duplicate coverage. Once the new use cases to be implemented have been selected, we create an implementation plan that prioritizes their implementation according to the level of risk. In the course of the implementation, missing event sources are connected to the SIEM. The implementation takes place in close coordination with the departments concerned, the works council, and, if applicable, data protection.
Runbooks are created so that the alarms triggered by the use cases can be processed efficiently and in a standardized manner. The runbooks serve as the process guide for the L1 analysts in the SOC. Use cases with similar process steps are grouped into the same runbook. In addition to the specific process steps, the runbooks also contain escalation levels for handling incidents that have occurred.
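The following is an added worked example, not code from the service provider or from any SIEM product, that walks through the procedure described above end to end: threats scored by risk, use cases selected so that they cover the identified threats without duplicating what already runs in the SIEM, an implementation plan ordered by covered risk with the event sources still to be connected, and runbooks grouped by identical process steps with shared escalation levels. The threat register, use case catalogue, event source names, scores and escalation levels are all constructed sample data.

```python
"""Risk-based SIEM use case selection, implementation planning and runbook
grouping.  All threats, use cases, event sources, risk scores and escalation
levels below are constructed sample data, not a real customer environment."""
from collections import defaultdict

# Constructed threat register: risk = likelihood x impact (each scored 1-5).
THREATS = {
    "T1": {"name": "Credential stuffing against VPN", "likelihood": 5, "impact": 4},
    "T2": {"name": "Ransomware via phishing attachment", "likelihood": 4, "impact": 5},
    "T3": {"name": "Privilege escalation on domain controller", "likelihood": 2, "impact": 5},
    "T4": {"name": "Data exfiltration over DNS", "likelihood": 2, "impact": 3},
}

# Constructed use case catalogue: the threats each candidate covers, the event
# sources it needs, and the L1 process steps its runbook would contain.
CATALOGUE = {
    "UC-A": {"name": "Brute-force logins", "covers": {"T1"}, "sources": {"vpn", "ad"},
             "steps": ("verify account", "contact user", "reset credentials")},
    "UC-B": {"name": "Malicious attachment executed", "covers": {"T2"}, "sources": {"mail", "edr"},
             "steps": ("isolate host", "collect artefacts", "escalate to L2")},
    "UC-C": {"name": "Sensitive group membership change", "covers": {"T3"}, "sources": {"ad"},
             "steps": ("verify account", "contact user", "reset credentials")},
    "UC-D": {"name": "Anomalous DNS query volume", "covers": {"T4"}, "sources": {"dns"},
             "steps": ("isolate host", "collect artefacts", "escalate to L2")},
    "UC-E": {"name": "Impossible travel login", "covers": {"T1"}, "sources": {"vpn"},
             "steps": ("verify account", "contact user")},
}

EXISTING_USE_CASES = {"UC-E"}          # already running in the SIEM (constructed)
CONNECTED_SOURCES = {"ad", "mail"}     # log sources already onboarded (constructed)
ESCALATION = ("L1 triage", "L2 incident handler", "crisis team")  # constructed levels


def risk(threat_id):
    t = THREATS[threat_id]
    return t["likelihood"] * t["impact"]


def select_use_cases(threats, catalogue, existing):
    """Greedy weighted set cover: repeatedly pick the candidate that adds the
    most not-yet-covered risk.  Threats already covered by existing use cases
    are removed up front so nothing is implemented twice.  Returns the chosen
    use case ids and any threats the catalogue cannot cover at all."""
    covered = set().union(*(catalogue[u]["covers"] for u in existing))
    remaining = {t for t in threats if t not in covered}
    selected = []
    while remaining:
        best, best_gain = None, 0
        for uc_id, uc in catalogue.items():
            if uc_id in existing or uc_id in selected:
                continue
            gain = sum(risk(t) for t in uc["covers"] & remaining)
            if gain > best_gain:
                best, best_gain = uc_id, gain
        if best is None:
            break  # the remaining threats need use cases not in the catalogue
        selected.append(best)
        remaining -= catalogue[best]["covers"]
    return selected, sorted(remaining)


def implementation_plan(selected, catalogue, connected):
    """Order the selected use cases by the risk they cover (highest first) and
    list, per use case, the event sources that still have to be connected."""
    def covered_risk(uc_id):
        return sum(risk(t) for t in catalogue[uc_id]["covers"])
    plan = []
    for uc_id in sorted(selected, key=lambda u: -covered_risk(u)):
        plan.append({
            "use_case": uc_id,
            "risk_covered": covered_risk(uc_id),
            "missing_sources": sorted(catalogue[uc_id]["sources"] - connected),
        })
    return plan


def group_runbooks(selected, catalogue):
    """Use cases with identical process steps share one runbook; every runbook
    carries the same escalation levels for incidents that are confirmed."""
    groups = defaultdict(list)
    for uc_id in selected:
        groups[catalogue[uc_id]["steps"]].append(uc_id)
    return [{"use_cases": ucs, "steps": list(steps), "escalation": list(ESCALATION)}
            for steps, ucs in groups.items()]


if __name__ == "__main__":
    chosen, uncovered = select_use_cases(THREATS, CATALOGUE, EXISTING_USE_CASES)
    print("selected:", chosen, "uncovered threats:", uncovered)
    for entry in implementation_plan(chosen, CATALOGUE, CONNECTED_SOURCES):
        print(entry)
    for runbook in group_runbooks(chosen, CATALOGUE):
        print(runbook)
```

With the sample data, UC-A is never chosen because the existing UC-E already covers T1, UC-B lands first in the plan because it covers the highest remaining risk and still needs the EDR source, and UC-B and UC-D end up in a single runbook because their L1 steps are identical.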