To triage, investigate and remediate an incident, the SOC analyst is required to perform a list of steps - which may be use case specific or as part of a general SOC standard. The set of steps is com...
Updated Nov 29, 2022
Version 1.0
Blog Post
Where would any output for these tasks be stored? or is it a factor of open and closed?
For example taking one of your tasks listed above: "Run Query to review recent activity" <-- the output of that could be any number of things including for example "The user appears to have logged onto from a new geographic location".
Would the Analyst store that information in the task or in the comments?