Roles and responsibilities in Threat Intel Management - Administrator Guide - Threat Intel Management Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-05-15
Category
Administrator Guide
Abstract

Roles and responsibilities in a Threat Intel Management environment.

A Threat Intel Management (TIM) analyst may have a different persona in the SOC. In some organizations, the TIM analyst's tasks are part of the SOC analyst's definition of work, but the two roles have different workflows and use cases. The daily work of SOC analysts and TIM analysts is different.

Role: Security Analyst (SOC Tier-1)

Responsibility:

  • Triage Specialist

  • Monitor, manage, and configure security tools

  • Review incidents to assess their urgency

  • Escalate incidents when necessary

Role: Threat Intel Analyst (SOC Tier 2-3)

Responsibility:

  • Incident responders and threat hunters

  • Remediation of escalated incidents from Tier 1: investigation, response, and assessments

  • Proactive work to remove infrastructure weaknesses