Chapter 11. Reacting to Events and Incidents

“It’s not stress that kills us, it is our reaction to it.”—Hans Selye

At its core, every SOC exists to provide the capability to detect and investigate events, identify potential security incidents, and respond to those incidents as they occur. As discussed in previous chapters, whether the SOC can provide these services effectively depends on great people, good supporting processes, and well-deployed and well-managed technologies.

In this chapter, you learn how the people, processes, and technology parts of an effective SOC come together to react to events and incidents. The chapter examines what events are in the context of a SOC and the different ways we look at such events to determine whether they ...
