Security operations analyst workflow for NorthstarNorthstar
A security operations (SOC) analyst is typically responsible for:
Triage and respond to incidents:
Investigate and triage incidents. For example, determine whether an incident is a false positive or a true positive.
Perform initial containment. For example, block IP addresses or isolate affected systems.
Execute incident response. For example, carry out system containment, eradication, or recovery.
Look for threats; identify risk and exposure.
SOC analyst workflow steps for NorthstarNorthstar
This workflow provides an example of how a SOC analyst could use NorthstarNorthstar.
1. Monitor incidents. Go to the Incidents page and sort by Contrast Score or severity to prioritize the most severe issues. Go to Explorer for a comprehensive view of your organization's application layer.
2. Begin incident response. In the Incidents page, select an incident and review details such as the summary, score, possible cause, associated assets (servers and applications), and associated issues.
3. Triage and remediate. From the Incidents page, select the associated issues. Review and implement the actions reported in the How to fix details. If necessary, assign the incident to a developer to work on fixing the issue.
4. Close the incident. After you verify that the issue is fixed and the incident is no longer being exploited, change the status to Closed in the Incidents page.