
Security Operations Center: Building, Operating and Maintaining your SOC by Joey Muniz, Nadhem AlFardan, Gary McIntyre


Chapter 11. Reacting to Events and Incidents

“It’s not stress that kills us, it is our reaction to it.”—Hans Selye

At its core, every SOC exists to detect and investigate events, identify potential security incidents, and respond to those incidents as they occur. As discussed in previous chapters, whether the SOC can provide these services effectively depends on great people, good supporting processes, and well-deployed and well-managed technologies.

In this chapter, you learn how the people, processes, and technology parts of an effective SOC come together to react to events and incidents. The chapter examines what events are in the context of a SOC and the different ways we look at such events to determine whether they ...
