SIEM, Security Analytics and Alert Triage
What Can You Expect?
Automated alert ingest and pre-processing
If you’re working with security tools from different vendors, you know that each one “scores” alert severity differently and produces alerts in its own format. SOC.OS assigns a base score to each alert it ingests, normalising severity across systems.
Automated enrichment and scoring
SOC.OS goes on to further standardise the alerts it ingests by mapping them to the MITRE ATT&CK® framework, translating the different vendor formats into a common language. Third-party threat intelligence and custom user enrichment are applied to each incoming alert and feed SOC.OS’s own scoring algorithm.
Correlation and prioritisation
SOC.OS’s correlation engine groups alerts over time based on shared threats and entities. This process allows us to consistently achieve a triage volume reduction of over 90% for our users. Correlated alert clusters are prioritised before being presented to you for investigation.
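The three stages above (normalise to a base score, enrich with ATT&CK mapping and threat intelligence, correlate by shared entity within a time window, then prioritise the clusters) can be sketched end to end in a few dozen lines. The following is an added example written for this page, not SOC.OS’s own code or scoring algorithm: the two vendor record layouts, the severity scales, the threat-intel list, the rule-to-technique mapping, the one-hour window and the score weights are all assumptions constructed for illustration.

```python
"""Alert normalisation, enrichment, correlation and prioritisation.

Added example, not SOC.OS's own code. It illustrates the pipeline the page
describes with constructed alerts from two hypothetical vendors; every field
name, scale, weight and the intel list below is an assumption.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed feeds: vendor "edr" uses string severities and a hostname,
# vendor "fw" uses a 1-10 numeric severity and IP addresses (assumed layouts).
RAW_ALERTS = [
    {"vendor": "edr", "time": "2024-01-10T09:00:00", "severity": "high",
     "rule": "Suspicious PowerShell", "host": "ws-17", "src_ip": "10.0.0.5"},
    {"vendor": "fw", "time": "2024-01-10T09:03:00", "sev": 4,
     "signature": "SSH brute force", "dst": "10.0.0.5", "src": "203.0.113.9"},
    {"vendor": "fw", "time": "2024-01-10T09:05:00", "sev": 2,
     "signature": "Port scan", "dst": "10.0.0.5", "src": "203.0.113.9"},
    {"vendor": "edr", "time": "2024-01-10T15:30:00", "severity": "low",
     "rule": "Suspicious PowerShell", "host": "ws-42", "src_ip": "10.0.0.77"},
]

# Constructed threat-intel set (203.0.113.0/24 is reserved documentation space).
KNOWN_BAD_IPS = {"203.0.113.9"}

# Assumed mapping from vendor rule names to ATT&CK technique IDs.
ATTACK_MAP = {
    "Suspicious PowerShell": "T1059",  # Command and Scripting Interpreter
    "SSH brute force": "T1110",        # Brute Force
    "Port scan": "T1046",              # Network Service Discovery
}

EDR_SEVERITY = {"low": 20, "medium": 50, "high": 80, "critical": 95}
WINDOW = timedelta(hours=1)  # assumed correlation window


@dataclass
class Alert:
    ts: datetime
    vendor: str
    name: str
    entities: frozenset
    technique: str = "unknown"
    base_score: int = 0
    score: int = 0


def normalise(raw: dict) -> Alert:
    """Translate a vendor-specific record into one schema with a 0-100 base
    score, whatever severity scale the vendor uses."""
    ts = datetime.fromisoformat(raw["time"])
    if raw["vendor"] == "edr":
        return Alert(ts, "edr", raw["rule"], frozenset({raw["host"], raw["src_ip"]}),
                     base_score=EDR_SEVERITY[raw["severity"]])
    if raw["vendor"] == "fw":
        return Alert(ts, "fw", raw["signature"], frozenset({raw["dst"], raw["src"]}),
                     base_score=raw["sev"] * 10)
    raise ValueError(f"unknown vendor {raw['vendor']!r}")


def enrich(alert: Alert) -> Alert:
    """Attach an ATT&CK technique and let threat-intel hits raise the score."""
    alert.technique = ATTACK_MAP.get(alert.name, "unknown")
    intel_hits = sum(1 for e in alert.entities if e in KNOWN_BAD_IPS)
    alert.score = min(100, alert.base_score + 15 * intel_hits)
    return alert


def correlate(alerts: list) -> list:
    """Group alerts that share an entity and arrive within WINDOW of the
    cluster's most recent alert; alerts are walked in time order."""
    clusters = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for cluster in clusters:
            shares_entity = any(a.entities & c.entities for c in cluster)
            if shares_entity and a.ts - cluster[-1].ts <= WINDOW:
                cluster.append(a)
                break
        else:
            clusters.append([a])
    return clusters


def prioritise(clusters: list) -> list:
    """Rank clusters: top alert score, plus a bonus per extra distinct ATT&CK
    technique (chained behaviour) and a small bonus per extra alert."""
    def cluster_score(c):
        techniques = {a.technique for a in c} - {"unknown"}
        bonus = 10 * max(0, len(techniques) - 1) + 2 * (len(c) - 1)
        return min(100, max(a.score for a in c) + bonus)
    return sorted(((cluster_score(c), c) for c in clusters), key=lambda x: -x[0])


def triage(raw_alerts: list):
    """Run the whole pipeline; returns ranked clusters and the volume reduction."""
    alerts = [enrich(normalise(r)) for r in raw_alerts]
    ranked = prioritise(correlate(alerts))
    return ranked, 1 - len(ranked) / len(alerts)


if __name__ == "__main__":
    ranked, reduction = triage(RAW_ALERTS)
    for score, cluster in ranked:
        print(score, [(a.vendor, a.name, a.technique) for a in cluster])
    print(f"triage volume reduction: {reduction:.0%}")
```

On the constructed input, the three morning alerts against 10.0.0.5 collapse into one cluster that chains three techniques and a known-bad source, while the isolated afternoon alert stays on its own, so four alerts become two items to review. The 90% figure on this page comes from SOC.OS’s own data, not from this toy; the example only shows the mechanism by which entity- and time-based grouping reduces what an analyst has to look at.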
It’s really that simple. Typically installed in under two hours, with zero maintenance from that point, SOC.OS helps security teams to sort the signal from the noise.
The SOC.OS environment has been penetration tested by an independent CREST certified team and a full Privacy Impact Assessment (PIA) has been conducted.