CFC Evolution

@ducklah @fkclai

Level 1: System Event Monitoring

Start with anti-virus and firewall alerts, handled under the Network Operations Centre.

Level 2: Security Monitoring

Introduce log integration with a SIEM product and start playbook development; this is the first stage of establishing the blue team.

Level 3: Security Orchestration

Introduce SOAR, starting security automation by integrating the developed playbooks into the defense process. Offensive security is introduced at this stage to know yourself and know your enemy.

Level 4: Threat-Informed Cybersecurity

Develop a threat intelligence capability, integrated with threat hunting techniques and behavior-based analysis, to establish a well-rounded proactive defense strategy.

Level 5: Cyber Fusion Centre

Link with external defensive resources, perform threat analysis and integrate with the ISAC, contributing back to the community.
