With the increasing adoption of public cloud, more and more government departments are willing to migrate to the cloud, not to mention private enterprises that have long been using cloud resources to provide services. Naturally, hackers have already set their sights on the cloud environment. However, facing the threats from hackers, whether the internal security personnel of the organization can effectively monitor and respond to cloud security threats will be an important issue. Especially, the convenience of the cloud makes users have a false sense of no security risks, often ignoring the security damage caused by the cloud. How to monitor and respond to such risks has become a new challenge for security managers. In the agenda, we will share experiences and practices of SOC cloud monitoring, and highlight several key points that can be used for monitoring in the cloud, hoping to provide better understanding for current security personnel facing cloud monitoring.