2020-05-SOAR-SOC-process-list.xlsx

	A	B	C	D	E	F	L	M	N	O	P
1	Procedure	Specificity Level?	Exists?	Planned Creation Date?	Automation Candidate / Priority?	Relevant Metric / SOP
2	Steering Committee
3	Review Policy	General Steps	No	2020/08/31	None
4	Review Metrics	Exact Steps to Follow	No	2020/08/31	Lowest		Specificity:	General Steps	Steps Plus Details	Exact Steps to Follow
5	Determine SOC performance delta	Steps Plus Details	No	2020/08/31	Lowest			No	Yes
6
7							Orchestration/Automation Priority	Highest	Moderate	Lowest	None
8
9	Command Center
10	Receive Request	Steps Plus Details	No	2020/06/01	Moderate
11	Deconfliction	Exact Steps to Follow	No	2020/06/01	Lowest
12	Update Incident	Exact Steps to Follow	No	2020/06/01	Moderate
13	Direct Response Action	Exact Steps to Follow	No	2020/06/01	Lowest
14	Notify Constituents	Exact Steps to Follow	No	2020/06/01	Moderate
15	Notify Constituents - General Threat Bulletin	Exact Steps to Follow		2020/06/01	Moderate
16	Impact Assessment	General Steps	No	2020/06/01	Highest
17	HR Interaction	Exact Steps to Follow	No	2020/06/01	Lowest
18	General Counsel Interaction	Exact Steps to Follow	No	2020/06/01	Lowest
19	Lost / Stolen Equipment Report	Steps Plus Details	No	2020/06/01	Moderate
20	Law Enforcement Interface	Exact Steps to Follow	No	2020/06/01	Lowest
21	Meet legal / industry reporting requirements	Exact Steps to Follow	No	2020/06/01	Moderate
22	Shift & Task handoff oversight	Steps Plus Details	No	2020/06/01	Lowest
23	Recovered Equipment Procedure	Steps Plus Details	No	2020/06/01	Lowest
24	Network Security Monitoring
25	Data Collection	General Steps	Yes	2020/05/01	Moderate
26	Validate receipt of data sources	Exact Steps to Follow	No	2020/06/14	Highest
27	Data Mining	General Steps	No	2020/07/01	Moderate
28	Hunting	General Steps	No	2020/05/01	None
29	Escalation Criteria	Steps Plus Details	No	2020/05/01	Moderate
30	Data Sharing	Exact Steps to Follow	No	2020/07/01	Lowest
31	Investigate Alert	General Steps	No	2020/07/01	Moderate
32	Lost / Stolen Equipment Report	Steps Plus Details	Yes	2020/07/01	Lowest
33	Update Incident	Exact Steps to Follow	No	2020/07/01	Moderate
34	Impact Assessment	General Steps	No	2020/07/01	Lowest
35	Threat Intelligence
36	Information Collection	General Steps	No	2020/07/01	Moderate
37	Correlation	Steps Plus Details	No	2020/07/01	Moderate
38	Enrichment of Data with Threat Intel	Steps Plus Details	No	2020/07/01	Highest
39	Internal Data Mining	Steps Plus Details	No	2020/07/01	Moderate
40	Name sets	Exact Steps to Follow	No	2020/07/01	None
41	Attribution	Steps Plus Details	No	2020/07/01	Lowest
42	Data Sharing	Exact Steps to Follow	No	2020/07/01	Moderate
43	Impact Assessment	General Steps	No	2020/07/01	Lowest
44	Hunting	General Steps	No	2020/07/01	None
45	Update Incident	Exact Steps to Follow	No	2020/07/01	Moderate
46	Lost / Stolen Equipment Report	Steps Plus Details	No	2020/07/01	Lowest
47	Escalation Criteria	Steps Plus Details	No	2020/07/01	Moderate
48	Incident Response
49	Investigation	Steps Plus Details	No	2020/04/01	Lowest
50	Containment - host	Exact Steps to Follow	No	2020/04/01	Highest
51	Containment - network segment	Exact Steps to Follow	No	2020/04/01	Moderate
52	Containment - network equipment	Exact Steps to Follow	No	2020/04/01	Moderate
53	Containment - User account	Exact Steps to Follow	No	2020/04/01	Highest
54	Containment - VPN	Exact Steps to Follow	No	2020/04/01	Highest
55	Containment - …	Exact Steps to Follow	No	2020/04/01	Moderate
56	Coordinate with affected Business Unit	Exact Steps to Follow	No	2020/04/01	Lowest
57	Uncontain asset determined to be "clean"	Exact Steps to Follow	No	2020/04/01	Moderate
58	Fly Away capability	Steps Plus Details	Yes	2020/04/01	None
59	Interface w/ Outsourced Forensics	Exact Steps to Follow	No	2020/04/01	Lowest
60	Impact Assessment	General Steps	No	2020/04/01	Moderate
61	HR Interaction	Exact Steps to Follow	No	2020/04/01	Lowest
62	General Counsel Interaction	Exact Steps to Follow	No	2020/04/01	Lowest
63	Escalation Criteria	General Steps	No	2020/04/01	Lowest
64	Insider Threat Response	General Steps	No	2020/04/01	Lowest
65	Lost / Stolen Equipment Report	Steps Plus Details	No	2020/04/01	Lowest
66	Recovered Equipment Procedure	Steps Plus Details	No	2020/04/01	Lowest
67	Transfer asset to outsource Forensic capability	Exact Steps to Follow	No	2020/04/01	Lowest
68	Asset Collection	Exact Steps to Follow	No	2020/04/01	Moderate
69	Hunting	General Steps	No	2020/04/01	None
70	Update Incident	Exact Steps to Follow	No	2020/04/01	Moderate
71	Law Enforcement subpoena fulfillment	Exact Steps to Follow	No	2020/04/01	Lowest
72	Law Enforcement Interface	Exact Steps to Follow	No	2020/04/01	Lowest
73	Self-Assessment - Configuration Monitoring
74	Change Approval	Steps Plus Details	No	2020/04/01	Lowest
75	Baseline creation	Exact Steps to Follow	No	2020/04/01	Lowest
76	Exception request approval	Steps Plus Details	No	2020/04/01	Lowest
77
78	Self-Assessment - Vulnerability Assessment
79	Vulnerability Scanning	Exact Steps to Follow	No	2020/04/01	Moderate
80	Correlate public info to assets	Steps Plus Details	No	2020/04/01	Lowest
81
82	Self-Assessment - Penetration Testing
83	Adversary behavior modeling	General Steps	No	2020/08/01	Lowest
84	Reconnaissance	General Steps	No	2020/04/01	Lowest
85	Coordinate with system owners	Steps Plus Details	No	2020/04/01	Lowest
86	Assess systems	General Steps	No	2020/04/14	Lowest
87
88	Self-Assessment - Exercises
89	Create Exercises	General Steps	No	2020/04/01	None
90	Conduct Exercises	Steps Plus Details	No	2020/06/01	Lowest
91	Assess Exercise Performance	Exact Steps to Follow	No	2020/06/01	Lowest
92	Assess DR/BCP of SOC	Steps Plus Details	No	2020/06/01	None
93	Assess Users	Exact Steps to Follow	No	2020/06/01	Lowest
94
95	Other
96	SOC Staff Access Log Review	Exact Steps to Follow	No	2020/03/01	Moderate
97	Initial DR/BCP transfer to secondary facility	Exact Steps to Follow		2020/03/01	Lowest
98	Hiring /Interview Practices	General Steps	No	2020/03/01	None
99	SOC Support Capbility
100	Architecture	Steps Plus Details	No	2020/05/01	Lowest