You may have noticed a new blog post about a new SOC Process Framework workbook (What’s New: Azure Sentinel – SOC Process Framework Workbook – Microsoft Tech Community). But what does that really mean?
First, the workbook is excellent. It provides a great framework for setting up your own SOC processes, and it is meant to be updated to fit your needs (as you can see from the very first step, which asks you to add your own company’s name).
You will definitely need to fill in the SOC Contacts page (it is empty) with your own names, so that all of your SOC personnel know who to call when they need to reach someone.
I recommend going through all the various pages and making notes of what needs to be changed to fit your environment. I would expect this to be a living document: as you gather more information, you will update it. For example, all of the Processes & Procedures pages can be updated as you develop newer and better processes and procedures.
I highly recommend taking a look at it now. I feel it is a work in progress (otherwise why have those parameters at the top if there is no code behind them), so if you create it from the template, make sure to create a clone (save your own copy) so that your changes are not overwritten when the template is updated!