SOCstock Session 2021
Boring SOC Metrics for Boring Purposes!
Presented by:
Christopher Crowley
SOC-Class Course Author, SANS Senior Instructor
Metrics are boring! They’re typically collected and displayed to prove that the SOC is doing something. Usually in the form of a count of something, or time to do something, the reports read like the distributed ledger of a cryptocurrency.
Let’s challenge ourselves to do it better. This talk provides incentive and a few examples of how to produce metrics that will help your SOC, its management, and your users understand what’s actually happening in your environment. Fair warning: it’s not easy! If you want to be boring, keep doing what you’re doing. If you want to strive to excel, watch this.