Skip to main content

Security operations analyst workflow for Northstar

A security operations (SOC) analyst is typically responsible for:

  • Triage and respond to incidents:

    • Investigate and triage incidents. For example, determine if an incident is a false positive or a true positive

    • Perform initial containment. For example, block IP addresses or isolate affected systems

    • Execute incident response. For example, implement system containment, eradication, or recovery

  • Look for threats; identify risk and exposure.

SOC analyst workflow steps for Northstar

This workflow provides an example of how a SOC analyst could use Northstar.

Monitor incidents

Go to the Incidents page and sort by Contrast Score or severity to prioritize severe issues.

Go to Explorer for a comprehensive view of your organization's application layer.

icon-bug-tracker-arrow.svg

Begin incident response

In the Incidents page, select an incident and review details such as the summary, score, possible cause, associated assets (servers and applications), and associated issues.

icon-bug-tracker-arrow.svg

Triage and remediate

From the Incidents page, select the associated issues.

Review and implement actions reported in the How to fix details.

If necessary, assign the incident to a developer to work on fixing the issue.

icon-bug-tracker-arrow.svg

Close the incident

After you verify that an issue is fixed and the incident is no longer being exploited, in the Incidents page, change the status to Closed.

In this section:

An incident is a collection of one or more issues and observations that demands an immediate response from the organization. Contrast creates incidents automatically based on ADR rules.

Contrast Score