Zscaler - Day to Day operations

(Rajeev Srikant) #1

Would like to know, after integrating with Zscaler, what will be the role of the SOC team.
What will be the day-to-day operations for the SOC with respect to Zscaler?
What are the expected actions, work or operations they need to perform?

(Rajeev Srikant) #2

Any inputs or suggestions

(Scott Bullock) #3

Hi @rajeev_srikant,
The role of the SOC can vary depending on the role the SOC plays in the organisation; not all SOCs are equal. This said, here's a list of tasks that may be performed when Zscaler forms part of the SOC solution and operation:


Tasks

  • Policy changes, checks and management
  • Reporting and Analytics
  • SIEM tuning and correlation configurations
  • Health checks - tunnel up/down etc
  • Integrations into SOAR playbooks
  • Threat-hunting
  • Delegating administration/reporting via RBAC

Hope this provides some food for thought.

Cheers,
@skottieb
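To make the "SIEM tuning and correlation configurations" and "Threat-hunting" items in the list above concrete, here is an added example of the kind of correlation pass a SOC might run over proxy logs fed out of Zscaler. This is example code written for this thread, not code from the original posts or from Zscaler. The key=value line layout, the field names (time, user, action, urlcat, threatname, url) and the sample lines are constructed for the example and are not a claim about Zscaler's actual log-feed format; map the parser to whatever field names your NSS/log-streaming configuration emits.

```python
# Added example (not from the original thread): a small SIEM-style correlation
# pass over web-proxy log lines of the kind a Zscaler feed could be configured
# to deliver. The key=value layout and field names are ASSUMPTIONS made for
# this example, not Zscaler's real feed format.
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data; field names are assumptions).
SAMPLE_LOGS = """\
time=2024-05-01T09:00:05Z user=alice@example.com action=Allowed urlcat="Business" threatname="None" url=example.com
time=2024-05-01T09:01:10Z user=bob@example.com action=Blocked urlcat="Malicious Sites" threatname="Generic.Trojan" url=bad.test
time=2024-05-01T09:01:40Z user=bob@example.com action=Blocked urlcat="Malicious Sites" threatname="Generic.Trojan" url=bad.test
time=2024-05-01T09:02:15Z user=bob@example.com action=Blocked urlcat="Phishing" threatname="None" url=phish.test
time=2024-05-01T09:03:00Z user=carol@example.com action=Allowed urlcat="Business" threatname="Generic.Trojan" url=odd.test
time=2024-05-01T10:30:00Z user=bob@example.com action=Blocked urlcat="Phishing" threatname="None" url=phish2.test
"""


def parse_line(line):
    """Parse one key=value log line into a dict; shlex keeps quoted values intact."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def analyze(log_text, threshold=3, window=timedelta(minutes=5)):
    """Run two SIEM-style rules over the log text and return the alerts.

    Rule 1 (policy check): a request that was Allowed but still carries a
    threat name points at a policy gap or a category that needs tuning.
    Rule 2 (threat hunting): a user with >= threshold Blocked events inside
    a sliding time window deserves a closer look (infected host, repeated
    phishing clicks, or a tool hammering a blocked destination).
    """
    allowed_with_threat = []
    blocks_by_user = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        ts = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        if ev["action"] == "Allowed" and ev.get("threatname", "None") != "None":
            allowed_with_threat.append(
                {"user": ev["user"], "url": ev["url"], "threatname": ev["threatname"]}
            )
        elif ev["action"] == "Blocked":
            blocks_by_user[ev["user"]].append(ts)

    repeated_blocks = []
    for user, times in blocks_by_user.items():
        times.sort()
        j = 0
        for i in range(len(times)):
            # Extend the window end j as far as events stay within `window` of times[i].
            j = max(j, i)
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                repeated_blocks.append(
                    {"user": user, "count": count, "window_start": times[i].isoformat()}
                )
                break  # one alert per user is enough for triage
    return {"allowed_with_threat": allowed_with_threat, "repeated_blocks": repeated_blocks}


if __name__ == "__main__":
    for rule, alerts in analyze(SAMPLE_LOGS).items():
        for alert in alerts:
            print(rule, alert)
```

The first rule is the "policy changes, checks and management" side of the job: an allow verdict on a request that the engine still tagged with a threat name is the sort of thing that should feed back into a policy review. The second rule is a basic hunting query; the same logic ports directly into a SIEM correlation rule, with the threshold and window tuned to your environment's noise level.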