Which extensions should be done to the technology domain?
Hi Rob,

There are a number of technologies that I think would be useful to include in this document; below are the key ones:

EDR: This is being used more and more by SOCs for monitoring endpoints in particular.

Threat Intelligence (TI) platforms: TI is critical to all mature SOCs. TIPs in vendorland have become a massive thing, and there is also a wide range of open source tools covering this space. I personally would include TI as its own domain, but I would love to at least see it included as a tool on the next SOC-CMM.

Vulnerability Management: Again, something that is becoming more prevalent in SOCs, at least as a log source, but often being managed from the SOC as well.


Messages In This Thread
RE: Which extensions should be done to the technology domain? - by TheJulyPlot - 02-08-2022, 12:01 PM
