In Scope
1. Logs, alerts, and security events are collected and correlated in Microsoft Sentinel.
2. Infrastructure‑ and system‑level alerts are monitored via Zabbix.
3. Security‑relevant incidents are created in Microsoft Sentinel.
4. Confirmed or critical incidents are forwarded to PagerDuty for:
   On‑call notification
   Escalation to L2/L3 security teams
   Cross‑team coordination (SOC, NOC, Network, DR)

Monitoring Platform

Zabbix
Infrastructure‑level monitoring (availability, performance, anomalies)
Detection of security‑relevant operational events
Forwarding of critical events into SOC workflows (as applicable)

Incident & Escalation Platform

PagerDuty
Centralized incident management and on‑call escalation
Automated notification and response workflows
SLA‑based alert routing and escalation management

Security Domains Monitored

Network security devices (firewalls, IDS/IPS, WAF)
Servers and endpoints (log and event level)
Identity and access security events
Operating system and application security logs
Cloud and hybrid environment security telemetry (if in scope)

24/7 Security Monitoring & Detection

Continuous monitoring of security alerts and events via Microsoft Sentinel
Real‑time threat detection using analytics and correlation rules
Enrichment and prioritization of security alerts
Reduction of noise and false positives through intelligent filtering

Security Incident Management (SOC)

First‑level (L1) security incident analysis and handling
Incident classification, severity assignment, and impact assessment
Initial investigation and validation

Alerting, Escalation & PagerDuty Integration

Automatic creation of incidents in PagerDuty for critical threats
On‑call and escalation policy enforcement
Coordination between SOC, NOC, Network, OS, and DR teams
Support during major or high‑severity security incidents

Event & Log Management

Centralized log ingestion and correlation in Microsoft Sentinel
Security event tracking and incident history
Awareness of maintenance windows and approved changes

Reporting & Visibility

Security incident and alert reporting
Threat trends and risk posture analysis
SOC operational dashboards and summaries
Executive‑level security reports
Incident records, investigation notes, and timelines
SOC playbooks and standard operating procedures (SOPs)
Input into root cause analysis (RCA) and problem management
Continuous improvement recommendations for detection and response
