Security Operations Centers Working Group documentation
Introduction
What is a SOC?
Should I deploy a SOC?
Reference design
Threat Intelligence
MISP
Introduction
Deployment
Configuration
Syncing with WLCG instance
Setting up GnuPG
Troubleshooting and debugging MISP
Sharing threat intelligence
Contributing to the upstream Puppet module
OIDC
Data sources
Zeek
Introduction
Hardware requirements
Recommended operating system
Capture Network Interface Card tweaks
Deploying Zeek
Configuration
Alerting
JSON Logs
Messaging, Transport and Enrichment
Introduction
Enrichment Sources
Introduction
Storage
Elasticsearch
Introduction
CERN Setup
Best practices
Aggregating data
Indices
Shards
Replicas
Fields
Keyword
Norms
Slowlogs
Aliases
Cluster Organization
Anomaly detection and Alarming
ElastAlert
Troubleshooting
Visualisation
Introduction
Alerting + Incident Response
Introduction
Other topics and materials
Integrations
Introduction
MISP to Zeek
Networking
Introduction
Network layout and mirroring at CERN
Glossary
Resources
Messaging, Transport and Enrichment