Roles and responsibilities in Threat Intel Management

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2024-11-13
Category: Administrator Guide
Solution: On-prem

Abstract: Roles and responsibilities in a Threat Intel Management environment.

A Threat Intel Management (TIM) analyst may have a different persona in the SOC. In some organizations, the TIM analyst's work is part of the SOC analyst's job definition, but the two roles have different workflows and use cases. The daily work of a SOC analyst is different from that of a TIM analyst.

Role: Security Analyst (SOC Tier-1)

Responsibility:

  • Triage Specialist

  • Monitor, manage, and configure security tools

  • Review incidents to assess their urgency

  • Escalate incidents when necessary

Role: Threat Intel Analyst (SOC Tier 2-3)

Responsibility:

  • Incident responders and threat hunters

  • Remediation of escalated incidents from Tier 1 - investigation, response, and assessments

  • Proactive work to remove infrastructure weaknesses