SIEM Report to SOC | Voters

SIEM Report to SOC

under review

Hans'la Schmidt'la

It would be nice to have the ability to submit SIEM logs to the SOC for review in the event it was missed by AI or Human the first time.

July 16, 2024

Chris Bisnett

marked this post as

under review

Chris Bisnett

I like this idea! We don’t yet have a workflow for this type of interaction with the SOC, but this sounds really interesting as long as it doesn’t get out of hand. We don’t want our SOC chasing ghosts, but this would be a much better experience than having to send an email to support and try to relay the data through them.

Hans'la Schmidt'la

Chris Bisnett I agree and i believe users should also list a reason why they believe the SOC should review the selected logs. Might even have the AI go through it first and doing a criticality rating.