Security operations analyst workflow for Contrast NorthStar

A security operations (SOC) analyst is typically responsible for:

  • Triage and respond to incidents:

    • Investigate and triage incidents. For example, determine whether an incident is a false positive or a true positive.

    • Perform initial containment. For example, block IP addresses or isolate affected systems.

    • Execute incident response. For example, implement system containment, eradication, or recovery.

  • Hunt for threats and identify risk and exposure.

This workflow provides an example of how a SOC analyst could use Contrast NorthStar.
