This KA starts by introducing some of the vocabulary, processes and architecture. It then follows the loop concepts, discussing detection at the sensor level, looking at both data sources and detection algorithms. It then discusses Security Information and Event Management, instantiating Analyse from a more global perspective than sensors. Using the Security Orchestration, Analytics and Reporting (SOAR) concept, it further develops the modern aspect of the Plan and Execute activities.
3rd April 2019