Triage and analyze alerts raised by cybersecurity detection tools deployed onsite or remotely and escalate them to the Senior SOC Analyst.
Examine network topologies to understand data flows through the network.
Use SOC tools for continual monitoring and analysis of system activity to identify malicious activity.
Identify network mapping and operating system fingerprinting activities.
Continuously monitor SIEM event alerts to identify any anomalies.
Perform event correlation using information gathered from a variety of sources within the organization to gain situational awareness and determine the effectiveness of observed attacks.
Detect incidents by monitoring the SIEM console, rules, reports, and dashboards.
Provide timely detection, identification, and alerting of possible attacks, intrusions, anomalous activity, and misuse, distinguishing these incidents from benign activity.
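As an added illustration of the detection and correlation work described in these duties (identifying network-mapping activity and correlating it with events from other sources), the following Python script is an example written here, not code from the original posting or from any particular SOC tool. It assumes a simplified, constructed log format with two feeds, firewall connection records (FW) and authentication results (AUTH); the field names, thresholds and sample data are assumptions chosen for the example.

```python
"""Flag network-mapping activity (one source touching many distinct ports in a
short window) in connection logs, then correlate with authentication failures
from the same host to decide what gets escalated.  Constructed example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data).  Format, assumed for the example:
#   <ISO timestamp> <feed> key=value ...
# 10.0.0.5 sweeps ports 21-35 on one host and later fails two logins;
# 10.0.0.7 is ordinary HTTPS traffic; 10.0.0.9 has a single failed login.
_SCAN_LINES = [
    f"2024-05-01T10:00:{i:02d} FW src=10.0.0.5 dst=10.0.1.20 dport={21 + i} action=DENY"
    for i in range(15)
]
_OTHER_LINES = [
    "2024-05-01T10:00:05 FW src=10.0.0.7 dst=10.0.1.20 dport=443 action=ALLOW",
    "2024-05-01T10:00:09 FW src=10.0.0.7 dst=10.0.1.21 dport=443 action=ALLOW",
    "2024-05-01T10:00:40 AUTH src=10.0.0.9 user=bob result=FAIL",
    "2024-05-01T10:01:10 AUTH src=10.0.0.5 user=admin result=FAIL",
    "2024-05-01T10:01:12 AUTH src=10.0.0.5 user=admin result=FAIL",
]
SAMPLE_LOGS = "\n".join(sorted(_SCAN_LINES + _OTHER_LINES))


def parse_line(line):
    """Turn one log line into a dict: ts (datetime), source (feed), key=value fields."""
    ts, source, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    fields["ts"] = datetime.fromisoformat(ts)
    fields["source"] = source
    return fields


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_port_scans(events, min_ports=10, window=timedelta(seconds=60)):
    """Return {src_ip: details} for sources that reached at least `min_ports`
    distinct destination ports within any `window`-long span of FW events."""
    by_src = defaultdict(list)
    for e in events:
        if e["source"] == "FW":
            by_src[e["src"]].append(e)
    scans = {}
    for src, conns in by_src.items():
        conns.sort(key=lambda e: e["ts"])
        for i, first in enumerate(conns):          # sliding window over connections
            ports, targets = set(), set()
            for e in conns[i:]:
                if e["ts"] - first["ts"] > window:
                    break
                ports.add(int(e["dport"]))
                targets.add(e["dst"])
            if len(ports) >= min_ports:
                scans[src] = {"distinct_ports": len(ports), "start": first["ts"],
                              "targets": sorted(targets)}
                break                                # one finding per source is enough
    return scans


def build_alerts(events, scans):
    """Correlate each scanning source with later AUTH failures from the same host.
    A scan followed by failed logins is rated 'high'; a scan alone is 'medium'."""
    alerts = []
    for src, scan in scans.items():
        fails = [e for e in events
                 if e["source"] == "AUTH" and e["src"] == src
                 and e["result"] == "FAIL" and e["ts"] >= scan["start"]]
        alerts.append({
            "src": src,
            "severity": "high" if fails else "medium",
            "distinct_ports": scan["distinct_ports"],
            "targets": scan["targets"],
            "auth_failures": len(fails),
        })
    alerts.sort(key=lambda a: (a["severity"] != "high", a["src"]))  # high first
    return alerts


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for alert in build_alerts(evs, find_port_scans(evs)):
        print(f"[{alert['severity'].upper()}] {alert['src']} touched "
              f"{alert['distinct_ports']} ports on {', '.join(alert['targets'])}; "
              f"{alert['auth_failures']} auth failure(s) afterwards")
```

The single failed login from 10.0.0.9 never becomes an alert on its own, which is the point of correlating sources: the same event means something different when it follows a port sweep from that host than when it appears in isolation. In a real deployment the thresholds would be tuned per network segment, and known scanners (vulnerability management, monitoring probes) would be allow-listed before the rule fires.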