Understanding incident management
Incident management is the process we go through from the moment an incident is detected until it is resolved. In a SOC, this is where SOC analysts monitor incidents as they are created, filter them by conditions, search through them, and perform quick incident actions.
Without incident management, our SOC analysts wouldn't be able to see which incidents had been created or where they would need to start the incident investigation. The process covers the following stages:
- Detect the incident
- Investigate the incident
- Contain and recover from the incident
- Document the incident
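To make the lifecycle and analyst actions above concrete, here is a small added example (not code from the book or from any SOAR product): an in-memory incident manager that enforces the detect, investigate, contain/recover, document sequence, lets an analyst filter and search incidents, and records an audit trail for the documentation step. All incident values in it are constructed.

```python
# Added example (not from the book): minimal incident manager modelling the
# lifecycle in the text and the analyst actions it names (monitor, filter, search, act).
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Allowed state transitions; anything else is rejected so the record stays honest.
TRANSITIONS = {
    "detected": {"investigating"},
    "investigating": {"contained"},
    "contained": {"recovered"},
    "recovered": {"documented"},
}

@dataclass
class Incident:
    id: int
    title: str
    severity: str                      # constructed values: low / medium / high
    source: str                        # detection source, e.g. "EDR" or "SIEM"
    status: str = "detected"
    history: list = field(default_factory=list)   # audit trail for the documentation step

class IncidentManager:
    def __init__(self):
        self._incidents = {}

    def create(self, title, severity, source):
        inc = Incident(len(self._incidents) + 1, title, severity, source)
        inc.history.append((datetime.now(timezone.utc).isoformat(), "created", source))
        self._incidents[inc.id] = inc
        return inc

    def filter_by(self, **conditions):
        """Return incidents whose fields match every given condition, e.g. severity='high'."""
        return [i for i in self._incidents.values()
                if all(getattr(i, k) == v for k, v in conditions.items())]

    def search(self, text):
        """Case-insensitive substring search over incident titles."""
        return [i for i in self._incidents.values() if text.lower() in i.title.lower()]

    def act(self, incident_id, new_status, analyst):
        """Move an incident along the lifecycle, recording who did it and when."""
        inc = self._incidents[incident_id]
        if new_status not in TRANSITIONS.get(inc.status, set()):
            raise ValueError(f"cannot go from {inc.status} to {new_status}")
        inc.history.append((datetime.now(timezone.utc).isoformat(), new_status, analyst))
        inc.status = new_status
        return inc
```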
Why do we need incident management in SOAR?
Imagine that the SOC team doesn’t have an incident management solution. An incident is detected...