| Algorithm for Baselining, Remediation and Escalation |
| Step 1.0 Input |
| 1.1 Obtain data from the access, distribution and core layers of the network |
| 1.2 Analyze log data from Firewall, IPS/IDS, Routers, Switches, Access Points, Servers, Services and End-Devices |
| 1.3 Induce regular periodic baseline for all layers, devices and services |
| Step 2.0 Output Log analysis |
| 2.1 If Analyzed Log is Abnormal Review In-Built Automatic Remediation Capability List If Automatic Remediation Possible Proceed to Remediate Else Escalate to SOC Analyst End if Else Log Event End if |