Roles and responsibilities in Threat Intel Management - Administrator Guide - Threat Intel Management Guide - Cortex XSIAM - Cortex - Security Operations


Roles and responsibilities in a Threat Intel Management environment.

A Threat Intel Management (TIM) analyst may have a different persona in the SOC. In some organizations, the TIM analyst role is part of the SOC analyst’s definition of work, but the two have different workflows and use cases. The daily work of a SOC analyst is different from that of a TIM analyst.



Security Analyst (SOC Tier 1)

  • Triage Specialist

  • Monitor, manage, and configure security tools

  • Review incidents to assess their urgency

  • Escalate incidents when necessary

Threat Intel Analyst (SOC Tier 2-3)

  • Incident responders and threat hunters

  • Remediation of escalated incidents from Tier 1: investigation, response, and assessments

  • Proactive work to remove infrastructure weaknesses