The Security Operation Center is an operational unit tasked with identifying cyber attacks in the network before they can develop their full risk potential. The typical cyber attack takes several months to spread far enough in the victim's network. During this time, the attacker tries to hide his attack as well as possible. In order to still recognize the attack, a SOC needs various elements: • Systems to capture the status data of end devices, central components, applications or IoT, production and medical devices. • Processes to ensure a complete and meaningful analysis and the appropriate response to security events. • Well-trained and experienced analysts. Despite all the intelligence of modern security systems, this human component is still th ...