Role: Triage Specialist

Triage is the process of evaluating security alerts and incidents to determine which are false positives and which need to be addressed immediately. While it's essential to mark false positives, they should not be concealed: record the reasoning so the decision can be reviewed later.

Responsibilities:

  1. Monitor and investigate the alerts.
  2. Configure and manage the security tools.
  3. Develop and implement basic IDS signatures.
  4. Participate in SOC working groups and meetings.
  5. Create tickets and escalate security incidents to Tier-2 and the team lead if needed.

Questions to ask: Did the attacker manage to exfiltrate data? How much data did the attacker manage to exfiltrate? Did the attacker attempt to pivot to other hosts?