Algorithm for Baselining, Remediation and Escalation

Step 1.0 Input
    1.1 Obtain data from the access, distribution and core layers of the network
    1.2 Analyze log data from Firewall, IPS/IDS, Routers, Switches, Access Points, Servers, Services and End-Devices
    1.3 Induce regular periodic baseline for all layers, devices and services

Step 2.0 Output Log analysis
    2.1 If Analyzed Log is Abnormal
            Review In-Built Automatic Remediation Capability List
            If Automatic Remediation Possible
                Proceed to Remediate
            Else
                Escalate to SOC Analyst
            End If
        Else
            Log Event
        End If
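The decision flow above, worked through in code. This is an added example, not the paper's own implementation; everything in it is an assumption made for illustration: each device reports a numeric count per interval (denied connections, port flaps, failed logins), the periodic baseline of step 1.3 is the mean and standard deviation of those counts, a value more than `K_SIGMA` standard deviations above the mean is "abnormal", and the "In-Built Automatic Remediation Capability List" is a mapping from (device type, metric) to the name of an available automatic action. The device names, history and action names are constructed sample data.

```python
"""Baseline -> remediate / escalate / log decision flow (added example, not the
paper's code). All device names, counts and action names below are constructed."""
from dataclasses import dataclass
from statistics import mean, pstdev

K_SIGMA = 3.0  # assumption: this many std-devs above the baseline mean is "abnormal"


@dataclass(frozen=True)
class LogEvent:
    device: str       # e.g. "fw-edge-1"
    layer: str        # "access", "distribution" or "core" (step 1.1)
    device_type: str  # "firewall", "switch", "server", ... (step 1.2)
    metric: str       # what was counted in this reporting interval
    value: float      # the observed count


def build_baseline(history):
    """Step 1.3: derive a per-(device, metric) baseline from periodic samples.
    history: {(device, metric): [count, count, ...]} -> {(device, metric): (mean, stddev)}"""
    return {key: (mean(samples), pstdev(samples)) for key, samples in history.items()}


def is_abnormal(event, baseline):
    """Step 2.0: compare the observed value against the device's own baseline."""
    key = (event.device, event.metric)
    if key not in baseline:
        return True  # never baselined: treat as abnormal so it is not silently logged
    mu, sigma = baseline[key]
    return event.value > mu + K_SIGMA * sigma


def decide(event, baseline, capabilities):
    """Step 2.1: returns ("log", None), ("remediate", action) or ("escalate", None)."""
    if not is_abnormal(event, baseline):
        return ("log", None)                       # Else branch: Log Event
    action = capabilities.get((event.device_type, event.metric))
    if action is not None:
        return ("remediate", action)               # Automatic Remediation Possible
    return ("escalate", None)                      # otherwise hand to the SOC analyst


def triage(events, baseline, capabilities):
    """Run the decision for a batch of events, keyed by (device, metric)."""
    return {(e.device, e.metric): decide(e, baseline, capabilities) for e in events}


# --- constructed sample data ---------------------------------------------------
HISTORY = {  # five earlier intervals per device, used to induce the baseline
    ("fw-edge-1", "denied_connections"): [100, 110, 95, 105, 90],
    ("sw-acc-7", "port_flaps"): [0, 1, 0, 0, 1],
    ("srv-auth-1", "failed_logins"): [5, 7, 6, 4, 8],
}
CAPABILITIES = {  # the "in-built automatic remediation capability list"
    ("firewall", "denied_connections"): "tighten-rate-limit",
    ("switch", "port_flaps"): "err-disable-port",
    # no automatic action for failed logins on servers -> escalate
}
EVENTS = [
    LogEvent("fw-edge-1", "core", "firewall", "denied_connections", 98),
    LogEvent("sw-acc-7", "access", "switch", "port_flaps", 12),
    LogEvent("srv-auth-1", "distribution", "server", "failed_logins", 40),
    LogEvent("ap-lobby-2", "access", "access_point", "deauth_frames", 3),  # no baseline yet
]

if __name__ == "__main__":
    for key, outcome in triage(EVENTS, build_baseline(HISTORY), CAPABILITIES).items():
        print(key, "->", outcome)
```

With the sample data the firewall count sits inside its baseline and is only logged, the switch's port-flap spike has a listed automatic action and is remediated, the server's failed-login spike has none and is escalated, and the never-baselined access point is escalated rather than silently logged.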