ThetaPoint Blog

Security Reference Architecture - Process - Analysis Workflow

Your SOC’s analysis workflows mitigate most of the risks from intelligent actors. They also comprise your front-line staff’s most frequently executed work. As we stated in our framework overview, most analyses will not result in actionable findings, which underscores the need for high-quality alerts and for moving on quickly from non-actionable events. We have split the main analytical workload into two core processes – one that makes sense out of alerts (Triage), and one that creates the logic for generating alerts (Use Case Development). We lift these two processes out of the typical investigation loop to…