From 876389973f2a39376ea406d103ccb6419cf4776b Mon Sep 17 00:00:00 2001 From: Adon Metcalfe Date: Fri, 1 Sep 2023 13:04:37 +0800 Subject: [PATCH] Update security-operations.md --- docs/baselines/security-operations.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/baselines/security-operations.md b/docs/baselines/security-operations.md index 2efaf4c7..0abe068a 100644 --- a/docs/baselines/security-operations.md +++ b/docs/baselines/security-operations.md @@ -9,6 +9,7 @@ This document and associated checklist is intended to be used as a high-level se - [ ] Define security operations scope (sensor availability, common/high impact events to focus on, business continuity objectives) - [ ] Ensure a **Cyber Incident Response Plan** is developed and maintained with this content (refer to the [ACSC Cyber Incident Response Plan - Word Template (docx)](../pdfs/ACSC-Cyber-Incident-Response-Plan-Template.docx) as a starting point) - [ ] Ensure SIEM visibility across all endpoints used, applications / services delivered, and network traffic flows + - [ ] Deploy SIEM tools to ingest endpoint, network and application telemetry. Ensure tools can be targeted with open, interoperable query formats such as [STIX](https://github.com/opencybersecurityalliance/stix-shifter) indicators and [Sigma](https://github.com/SigmaHQ/sigma) detection rules. Refer to [stix-shifter connectors](https://github.com/opencybersecurityalliance/stix-shifter/blob/develop/docs/CONNECTORS.md) and [pySigma backends](https://github.com/SigmaHQ/pySigma#backends-comparison-between-pysigma-and-sigmac) for a comprehensive list of tools with good interoperability. - [ ] Make available relevant [MITRE Data Sources](https://attack.mitre.org/datasources/) to the security operations team - [ ] Ensure the platform can be configured with automated detection capabilities for [MITRE Tactics](https://attack.mitre.org/tactics/enterprise/) - [ ] Review and update the below security artefacts quarterly
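Review bot: the new checklist item overlaps with the bullet directly above it ("Ensure SIEM visibility across all endpoints used, applications / services delivered, and network traffic flows"), so two adjacent items now both require endpoint, network and application telemetry; fold the "Deploy SIEM tools to ingest endpoint, network and application telemetry" sentence into the existing visibility item and keep only the interoperability requirement as the new bullet, e.g. `- [ ] Ensure SIEM tooling accepts open, interoperable query formats such as STIX patterns and Sigma detection rules (refer to stix-shifter connectors and pySigma backends for tools with good interoperability)`. Two smaller points on the same line: the "STIX" link resolves to the stix-shifter repository rather than to the STIX specification, and what stix-shifter translates into native queries is a STIX 2 pattern (the `pattern` property of an indicator), so "STIX patterns" is the accurate term for a query format where the line says "STIX indicators"; and the `#backends-comparison-between-pysigma-and-sigmac` fragment on the pySigma link is a generated heading anchor that will break silently if that README section is renamed, so consider linking the README without the fragment.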