Scribd Logo
Upload

Welcome to Scribd!

  • 345 views

    Soc Raci

    Uploaded by

    Lyu Sey
    The document outlines various roles and responsibilities within an organization's security operations center (SOC) including SOC analysts, detection engineers, incident handlers, and threat intelligence analysts. It describes key activities each role is responsible for in areas such as alerts triage, incident response, threat intelligence, detection engineering, automation engineering, and reporting. The document also indicates whether each role has primary responsibility (P), responsibility to assist (A), responsibility to consult (C), or responsibility to be kept informed (I) for each activity.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd

    Soc Raci

    Uploaded by

    Lyu Sey
    345 views2 pages
    The document outlines various roles and responsibilities within an organization's security operations center (SOC) including SOC analysts, detection engineers, incident handlers, and threat intelligence analysts. It describes key activities each role is responsible for in areas such as alerts triage, incident response, threat intelligence, detection engineering, automation engineering, and reporting. The document also indicates whether each role has primary responsibility (P), responsibility to assist (A), responsibility to consult (C), or responsibility to be kept informed (I) for each activity.

    Original Title

    SOC RACI

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document outlines various roles and responsibilities within an organization's security operations center (SOC) including SOC analysts, detection engineers, incident handlers, and threat intelligence analysts. It describes key activities each role is responsible for in areas such as alerts triage, incident response, threat intelligence, detection engineering, automation engineering, and reporting. The document also indicates whether each role has primary responsibility (P), responsibility to assist (A), responsibility to consult (C), or responsibility to be kept informed (I) for each activity.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Download as xlsx, pdf, or txt
    345 views2 pages

    Soc Raci

    Uploaded by

    Lyu Sey
    The document outlines various roles and responsibilities within an organization's security operations center (SOC) including SOC analysts, detection engineers, incident handlers, and threat intelligence analysts. It describes key activities each role is responsible for in areas such as alerts triage, incident response, threat intelligence, detection engineering, automation engineering, and reporting. The document also indicates whether each role has primary responsibility (P), responsibility to assist (A), responsibility to consult (C), or responsibility to be kept informed (I) for each activity.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Download as xlsx, pdf, or txt
    of 2

    Organization

    Activities SOC SOC detection Incident


    analyst lead manager

    Alerts triage (SIEM) I


    Incident creation (SIRP) for follow-up I I
    Detection service
    Incident validation by organization's SOC team R I I
    Confirmation of need to escalate the incident to CSIRT team R I A
    Detection use case opportunities identification C A C
    Risk-based attack scenarios confirmation, with redteaming I A I
    SIEM rules creation (SIEM search creation and optimization) I A I
    Detection engineering Service Testing & Tuning C A
    SIEM rules maintenance & fix I C
    Datamodel management I A I
    Data acquisition and ingestion to the SIEM I A I
    Custom playbook development C C C
    Automation engineering
    Tools integration with orchestrator (ITSM, security solutions...) C C C
    Threat intelligence collection C A I
    Security Intelligence Services Threat intelligence sources validation C A C
    Threat intelligence use cases definition C A C
    SOC tools (SIEM, TIP, SIRP, SOA, GIT) admininistration I I I
    Log Source Heartbeat Monitoring I I I
    Administrative Services
    Log Source Management I C I
    SOC tools monitoring I I I
    Building and updating KPI C C C
    Reporting Services Generating reporting I I A
    Acting upon missed SLA C C C
    Incident handling (CSIRT) I I A
    Incident response service Forensics Investigation (CSIRT) I I A
    Improve detection with incident response feedback I R A
    Detection capabilities assessment (purpleteaming) R A I
    Continuous improvement Incident response capabilities assessment (purpleteaming) I I A
    Scheduling regular external audits I I I
    Organization MSSP
    Offensive security SOC SOC Incident Threat intel SOC detection SecDevOps / SOC Tools SDM / project
    expert Management analyst handler analyst engineer automation Admin management

    A R I
    A R I I
    A I I I
    A I I A
    R A/C C C C R A
    R A/C C I R A
    I A I R I
    A C R I A
    A I R I I
    A I I I R I I
    I A I I I R I I A
    C A I I I C R I A
    C A I I I C R C A
    I A I I R I I I A
    I A I I R I I C A
    I A I I R C I A
    I A I I I I I R A
    I A I I I I I R I
    I A I I I C C R A
    I A I I I I I R A
    C A/R I I I I I R
    I A I I I I A/R
    I A/R I I I I I R
    I A I R I I A
    I A I R I I A
    C A I C C R C I A
    R A/C R I I R R A
    R A/C I R R R A
    I A/R I I I I I I A/R

    You might also like