This is a blog dedicated to a cybersecurity journey.
What is a SOC? - Go to Introduction to SOC

SOC L1 Analyst Responsibilities:
- Monitoring the SIEM tool and detecting incidents.
- Monitoring resources and assets, and analyzing log data to identify anomalies.
- Distinguishing true positives from false positives.
- Reporting incidents to the SOC and any other relevant teams.
- Escalating incidents when SLAs are not met.
- Assisting SOC L2 and L3 analysts with incident detection, workflow, remediation and resolution.
- Communicating with external teams for proper incident resolution.
- Monitoring SIEM health status.
- Following up on escalated incidents.

SOC L2 Analyst Responsibilities:
- Validating the incidents escalated by L1 analysts.
- In-depth investigation of incidents.
- Recommending mitigation strategies to resolve the incident.
- Managing the SIEM tool and updating the log baselines.
- Generating and delivering daily, weekly and monthly reports on time.
- Maintaining the incident knowledge base.
- Communicating with external entities to resolve any queries on the raised incidents.
- O...