Azure-Sentinel/Solutions/SOC-Process-Framework

SOC Process Framework Solution for Microsoft Sentinel

Author: Rin Ure

SOC Process Framework

Table of Contents

  1. Overview
  2. Workbooks
  3. Watchlists
  4. Playbooks
  5. Post-Deployment Instructions

Overview

This Solution contains all resources for the SOC Process Framework Microsoft Sentinel Solution. The SOC Process Framework Solution is built to integrate easily with Microsoft Sentinel and to establish a standard SOC Process and Procedure Framework within your Organization.

By deploying this solution, you'll be able to monitor progress within your SOC Operations and update the SOC CMMI Assessment Score. The solution consists of the following resources:

  • Integrated workbooks interconnected into a single workbook for single pane of glass operation.
  • One Playbook for pushing SOC Actions to your Incidents.
  • Multiple Watchlists helping you maintain and organize your SOC efforts, including IR Planning, SOC CMMI Assessment Score, and many more.

Workbooks

The workbooks contained in this solution visualize SOC Progress, Procedures, and Activity, and provide an overview of the overall SOC Maturity. These workbooks and their dependencies are deployed for you through this solution.

Watchlists

The watchlists contained within this solution hold information pertaining to Incident Response Planning, SOC Maturity (CMMI) Scoring, Recommended SOC Actions, and more. Together they give the customer an easy way to keep pertinent information about their SOC Operations up to date.

Playbooks

Currently the only Playbook in this solution is the Get-SOCActions Playbook, which delivers custom Analyst Actions to take per Incident. This lets Organizations create and add their own scripted actions that they want an Analyst to take. After deploying this Solution, please see the Post-Deployment Instructions before running the Playbook.

Post-Deployment Instructions

After deploying this Solution and its associated playbook, you must authorize the API connections the Playbook uses before running it.

  1. Visit the playbook resource.
  2. Under "Development Tools" (located on the left), click "API Connections".
  3. Ensure each connection has been authorized.

Note: If you've deployed the [SOC Process Framework Playbook](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SOC Process Framework/Playbooks/Get-SOCActions/azuredeploy.json), you will only need to authorize the Microsoft Sentinel connection.
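The steps above are performed in the portal; the following is an added example (not part of this solution's own code) of the same check done offline, so it can be scripted for many playbooks. It assumes two inputs you would normally fetch with the Azure CLI, `az logic workflow show --query parameters` for the playbook and `az resource list --resource-type Microsoft.Web/connections` for the connection resources; both are replaced here with constructed JSON in the shape those commands return. The subscription id, resource group and connection names are made up. The field checked, `properties.statuses[].status`, is the state the "API connections" blade displays: a referenced connection whose status is anything other than `Connected` (or which is missing entirely) must be authorized before the playbook is run, while unreferenced connections are ignored, which is why deploying only the playbook leaves just the Microsoft Sentinel connection to authorize.

```python
"""Offline check that every API connection a Logic App playbook references is
authorized (status "Connected"). Added illustration, not the solution's code.

Inputs are constructed JSON standing in for:
  az logic workflow show -g soc-rg -n Get-SOCActions --query parameters
  az resource list -g soc-rg --resource-type Microsoft.Web/connections
Resource ids, names and the resource group are hypothetical.
"""
import json

# Constructed: the "parameters" section of the playbook. The $connections
# parameter is how a Logic App references the API connections it uses.
PLAYBOOK_PARAMETERS = json.loads("""
{
  "$connections": {
    "value": {
      "azuresentinel": {
        "connectionId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/soc-rg/providers/Microsoft.Web/connections/azuresentinel-Get-SOCActions",
        "connectionName": "azuresentinel-Get-SOCActions",
        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Web/locations/eastus/managedApis/azuresentinel"
      }
    }
  }
}
""")

# Constructed: Microsoft.Web/connections resources in the same resource group.
# The second one is unauthenticated but is not referenced by the playbook.
CONNECTION_RESOURCES = json.loads("""
[
  {
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/soc-rg/providers/Microsoft.Web/connections/azuresentinel-Get-SOCActions",
    "name": "azuresentinel-Get-SOCActions",
    "properties": {"statuses": [{"status": "Connected"}]}
  },
  {
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/soc-rg/providers/Microsoft.Web/connections/office365-old",
    "name": "office365-old",
    "properties": {"statuses": [{"status": "Error", "error": {"code": "Unauthenticated"}}]}
  }
]
""")


def referenced_connections(parameters):
    """Map connectionName -> connectionId for every connection the playbook uses."""
    conns = parameters.get("$connections", {}).get("value", {})
    return {c["connectionName"]: c["connectionId"] for c in conns.values()}


def connection_status(resources, connection_id):
    """Status string of the connection resource with this id, or None if absent.

    Resource ids are compared case-insensitively, as ARM treats them.
    """
    for res in resources:
        if res["id"].lower() == connection_id.lower():
            statuses = res.get("properties", {}).get("statuses") or []
            return statuses[0].get("status", "Unknown") if statuses else "Unknown"
    return None


def unauthorized_connections(parameters, resources):
    """Referenced connections that are missing or not Connected: {name: status}."""
    problems = {}
    for name, conn_id in referenced_connections(parameters).items():
        status = connection_status(resources, conn_id)
        if status != "Connected":
            problems[name] = status or "Missing"
    return problems


if __name__ == "__main__":
    bad = unauthorized_connections(PLAYBOOK_PARAMETERS, CONNECTION_RESOURCES)
    if bad:
        for name, status in bad.items():
            print(f"authorize before running the playbook: {name} ({status})")
    else:
        print("all API connections referenced by the playbook are Connected")
```

To run it against a real deployment, replace the two constructed documents with the JSON the two CLI commands return; a non-empty result from `unauthorized_connections` is the list of connections still to be authorized in the "API connections" blade.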