Security operations analyst workflow for Contrast NorthStar
A security operations center (SOC) analyst is typically responsible for:
    Triage and response to incidents:
        Investigate and triage incidents, for example, determine whether an alert is a false positive (FP) or a true positive (TP).
        Perform initial containment, for example, block IP addresses or isolate affected systems.
        Execute incident response, for example, carry out system containment, eradication, and recovery.
    Hunting for threats and identifying risk and exposure.
This workflow provides an example of how a SOC analyst could use Contrast NorthStar.