SOC WG meeting

Europe/Zurich
Description

Agenda:

  • Status updates from working group members
  • Defining goals for 2021
  • Review of the workplan
Zoom Meeting ID
62100540874
Host
Liviu Valsan

Attendees: David Crooks, Liviu Valsan, Adam Boutcher, George Field, James McLoughlin, Jiarong Wang, Manon, Michael Davis, Mihai Carabas, Nicole Stewart, Romain Wartel, Sven Gabriel, Tian Yan, Vlad Grigorescu, Nigel Watkinson

Outcomes:

Especially going forward, the working group has sites and organisations of different types and at different stages:

  • Organisations with mature operational security facilities and tools, which would benefit from guidance on the best ways of working with threat intelligence, how to optimally use the central MISP instance, etc.
  • Places that are implementing SOC components from ~scratch, which would benefit from help starting up, including deployment guides, tuning help and so on.

From this and other discussions, consider a set of distinct strands:

  • new deployments (bootstrapping)
  • optimising use of threat intelligence (incl. translation between formats)
  • containerisation (training/demos/canned deployments for small bandwidth contexts)
  • high bandwidth network contexts (>100G)

The intent is to have members identify which of these strands they could contribute to, so that work can then continue somewhat in parallel.
