The original post: /r/cybersecurity by /u/Friendly-Copy5895 on 2024-11-22 22:44:12.

Hello everyone!

I’m looking for recommendations for a virtual SOC (vSOC) or managed SOC service that has strong experience handling Kubernetes-specific logging, as well as other data sources like endpoint, network, etc. I work for a mid-market company, and while we already have a solid logging system in place for our infrastructure, we’re heavily invested in Kubernetes and need a team that can efficiently manage and analyze that type of logging at scale. Our current contract has the bandwidth, but they’ve been dropping the ball recently, claiming “they don’t understand Kubernetes that well.”

We currently have Mandiant IR on retainer, but before we reach out to them for SOC management, we want to explore other managed SOC options. For context, we use S1 EDR on our endpoints and rely on a variety of open-source tooling across our environment (Wazuh, and others).

If you have any suggestions or experiences with providers who specialize in everything from Kubernetes logging to endpoint and network logging within a managed SOC setup, I’d love to hear from you!

Thanks in advance!