Discover and read the best of Twitter Threads about #aql
Most recents (1)
How do you measure #SOC quality? 🤔
1. ISO 2859-1 (#AQL) to determine sample size
2. #Python #Jupyter notebook to perform random selection
3. Check sheet to spot defects
4. Process runs every 24 hrs
5. (Digestible) #Metrics to improve
How'd we get there? Story in /thread
1. ISO 2859-1 (#AQL) to determine sample size
2. #Python #Jupyter notebook to perform random selection
3. Check sheet to spot defects
4. Process runs every 24 hrs
5. (Digestible) #Metrics to improve
How'd we get there? Story in /thread
I'll break the thread down into four key points:
1. What we're solving for
2. Guiding principles
3. Our (current) solution
4. Quick recap
My goal is to share what's working for us and how we get there. But I'd love to hear from others. What's working for you?
1. What we're solving for
2. Guiding principles
3. Our (current) solution
4. Quick recap
My goal is to share what's working for us and how we get there. But I'd love to hear from others. What's working for you?
What we're solving for: All work is high quality, not just incidents.
On a typical day in our #SOC we'll:
- Process Ms of alerts w/ detection engine
- Send 100s to analysts for human judgement
Those 100s of alerts result in:
- Tens of investigations
- Handful of incidents
On a typical day in our #SOC we'll:
- Process Ms of alerts w/ detection engine
- Send 100s to analysts for human judgement
Those 100s of alerts result in:
- Tens of investigations
- Handful of incidents
