Security Event Triage
5. Tools of the Triage Analyst
Primary Platforms
  Security Information and Event Management (SIEM)
    Log Aggregation
    Alert Generation and Correlation
    Dashboard and Reporting
  Security Orchestration, Automation, and Response (SOAR)
    Automated Playbooks
    Case Management
    Integration Capabilities
  Extended Detection and Response (XDR)
    Cross-Source Correlation
    Endpoint and Network Integration
    Unified Investigation Interface
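The two SIEM functions that matter most to a triage analyst, log aggregation and alert correlation, reduced to a runnable sketch. This is an added example written for this chapter, not code from any SIEM product: the log lines, the two source formats (Linux sshd syslog and a hypothetical web portal auth log), the five-minute window and the threshold of three failures are all constructed for illustration. The point it makes is that neither source alone crosses the threshold; only the aggregated view does.

```python
"""Mini SIEM: aggregate two auth log sources into one schema and correlate
them into a single alert (brute force from one IP followed by a success).
Added example for this chapter; not code from any SIEM product. Log lines,
field names, window and threshold are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input from two sources a SIEM would ingest: Linux sshd
# syslog and a hypothetical "webauth" portal log. Addresses are RFC 5737 ranges.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2024-05-01T10:00:05Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "2024-05-01T10:00:09Z host2 webauth user=bob src=203.0.113.7 result=FAIL",
    "2024-05-01T10:00:30Z host1 sshd[1207]: Failed password for invalid user test from 192.0.2.44 port 40001 ssh2",
    "2024-05-01T10:00:40Z host1 sshd[1208]: Failed password for invalid user oracle from 192.0.2.44 port 40002 ssh2",
    "2024-05-01T10:00:50Z host1 sshd[1209]: Failed password for deploy from 192.0.2.44 port 40003 ssh2",
    "2024-05-01T10:01:00Z host2 webauth user=alice src=198.51.100.9 result=FAIL",
    "2024-05-01T10:01:10Z host2 webauth user=alice src=198.51.100.9 result=OK",
    "this line is not an auth event and is dropped during normalisation",
    "2024-05-01T10:02:00Z host2 webauth user=bob src=203.0.113.7 result=OK",
    "2024-05-01T10:09:00Z host1 sshd[1220]: Accepted password for deploy from 192.0.2.44 port 40100 ssh2",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
WEB_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) webauth user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<outcome>OK|FAIL)$"
)


def parse_event(line):
    """Normalise one raw line into the common schema; None if no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        source, ok = "sshd", m["outcome"] == "Accepted"
    else:
        m = WEB_RE.match(line)
        if not m:
            return None
        source, ok = "webauth", m["outcome"] == "OK"
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "host": m["host"],
        "source": source,
        "user": m["user"],
        "src_ip": m["ip"],
        "outcome": "success" if ok else "failure",
    }


def aggregate(lines):
    """Log aggregation: parse everything, drop what no parser understands, order by time."""
    events = [e for e in map(parse_event, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    return events


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures from one src_ip inside `window`,
    then a success from that src_ip while those failures are still inside the
    window, raises one alert for that src_ip. Failures are counted across
    sources: sshd alone sees two and the web app alone sees one, so neither
    source would fire on its own. Failures older than the window are dropped,
    so a success long after the attempts does not fire either."""
    recent_failures = defaultdict(list)
    alerts, alerted = [], set()
    for e in events:
        ip = e["src_ip"]
        fails = [f for f in recent_failures[ip] if e["ts"] - f["ts"] <= window]
        if e["outcome"] == "failure":
            fails.append(e)
        recent_failures[ip] = fails
        if e["outcome"] == "success" and len(fails) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "rule": "bruteforce_then_success",
                "severity": "high",
                "src_ip": ip,
                "failed_attempts": len(fails),
                "sources": sorted({f["source"] for f in fails}),
                "users_tried": sorted({f["user"] for f in fails}),
                "compromised_user": e["user"],
                "host": e["host"],
                "ts": e["ts"].isoformat(),
            })
    return alerts


def run_demo():
    return correlate_bruteforce(aggregate(SAMPLE_LOGS))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running it yields exactly one alert, for 203.0.113.7, with three failed attempts across both sources and `bob` as the account that finally succeeded. The 192.0.2.44 failures never alert because the later success falls outside the window, and the single typo by `alice` stays below the threshold. Those two non-alerts are as much a part of the rule as the hit.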
Analysis and Investigation Tools
  Log Management Platforms
    Search and Query Capabilities
    Visualization Tools
    Data Retention Management
  Network Protocol Analyzers
    Packet Capture Analysis
    Protocol Decoding
    Traffic Flow Visualization
  Malware Sandboxes
    Automated Malware Analysis
    Behavioral Reporting
    Safe Execution Environment
  Threat Intelligence Portals
    IOC Lookup
    Threat Actor Profiles
    Campaign Tracking
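Before an indicator goes to a threat intelligence portal it has to be refanged, typed, and ideally checked against what the team already knows. The following is an added example written for this chapter, not code from any portal or TIP: it pulls candidate IOCs out of alert text, normalises them, pivots URLs to their host, and splits the result into local hits and misses that still need a portal query. The local indicator set, its sources and confidence values, and the alert text are all constructed.

```python
"""IOC lookup preparation: refang defanged indicators, classify them by type,
pivot URLs to their host, and check everything against a local indicator set
before spending portal queries on it.
Added example for this chapter; the indicator set, its sources/confidence
values and the alert text are constructed, not real intelligence."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed local indicator store keyed by (type, value). In practice this is
# a cache of earlier portal lookups, an internal blocklist, or a TIP export.
LOCAL_INDICATORS = {
    ("ipv4", "203.0.113.7"): {"source": "internal_blocklist", "confidence": 90, "tags": ["bruteforce"]},
    ("domain", "evil.example"): {"source": "campaign_note_2024-04", "confidence": 75, "tags": ["phishing"]},
    ("sha256", "0123456789abcdef" * 4): {"source": "sandbox_verdict", "confidence": 95, "tags": ["dropper"]},
}

# Constructed alert text, defanged the way it would be pasted from a ticket.
SAMPLE_TEXT = (
    "User opened hxxp://evil[.]example/login.php from 203[.]0[.]113[.]7; "
    "attachment sha256 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef. "
    "Later beacons to 198.51.100[.]9 and cdn.example.net were seen."
)

DEFANG = (("hxxps://", "https://"), ("hxxp://", "http://"), ("[.]", "."), ("(.)", "."),
          ("{.}", "."), ("[:]", ":"), ("[@]", "@"))
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
URL_RE = re.compile(r"^https?://\S+$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def refang(s):
    """Undo the common defanging conventions so the value can be looked up."""
    s = s.strip()
    for defanged, real in DEFANG:
        s = s.replace(defanged, real)
    return s


def classify(token):
    """Return (type, normalised value); type is 'unknown' for ordinary words."""
    v = refang(token).rstrip(".,;")  # sentence punctuation glued to the token
    if len(v) in HASH_TYPES and re.fullmatch(r"[0-9a-fA-F]+", v):
        return HASH_TYPES[len(v)], v.lower()
    try:
        ip = ipaddress.ip_address(v)
        return f"ipv{ip.version}", str(ip)
    except ValueError:
        pass
    if URL_RE.match(v):
        return "url", v
    if DOMAIN_RE.match(v):
        return "domain", v.lower()
    return "unknown", v


def extract_iocs(text):
    """Candidate indicators from free text, as {value: type}. URLs are kept whole
    and additionally pivoted to their host, since the host is what portals index."""
    found = {}
    for token in re.split(r"[\s,;\"'<>]+", text):
        kind, value = classify(token)
        if kind == "unknown":
            continue
        found[value] = kind
        if kind == "url":
            host_kind, host = classify(urlsplit(value).hostname or "")
            if host_kind != "unknown":
                found[host] = host_kind
    return found


def lookup(iocs):
    """Split extracted IOCs into local hits (with context) and misses (for the portal)."""
    hits, misses = [], []
    for value, kind in iocs.items():
        ctx = LOCAL_INDICATORS.get((kind, value))
        if ctx:
            hits.append({"type": kind, "value": value, **ctx})
        else:
            misses.append((kind, value))
    return hits, misses


def demo():
    return lookup(extract_iocs(SAMPLE_TEXT))


if __name__ == "__main__":
    hits, misses = demo()
    print("hits:", hits)
    print("still to query:", misses)
```

On the sample text this finds six indicators, three of which (the IP, the phishing domain pivoted out of the URL, and the hash) hit the local store and three of which (the full URL, the second IP, the CDN hostname) are what you would actually submit to the portal. Tokenising on whitespace and punctuation but not on `/` is deliberate: splitting a URL would turn `login.php` into a plausible-looking domain.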
Command-Line Utilities
  whois
    Domain Ownership Lookup
    Registration Information
  nslookup and dig
    DNS Record Querying
    DNS Resolution Testing
  ping and traceroute
    Network Connectivity Testing
    Path Analysis
  curl and wget
    Web Request Testing
    Content Retrieval
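These utilities are usually run by hand, and what a triage script adds is parsing their text output into the few fields an analyst decides on. The following is an added example written for this chapter, not part of dig, whois or any of the other tools above: it wraps `dig +short` and `whois` via subprocess, parses their output, and turns the result into triage flags such as "domain registered days ago" or "no longer resolves". The embedded dig and whois output is constructed to mirror the common format (whois formats vary by registry and TLD, so live output may need extra patterns), and the 30-day "newly registered" threshold is an assumed heuristic.

```python
"""Command-line enrichment for triage: call dig and whois, parse their text
output, and turn the result into triage flags (newly registered domain,
domain that no longer resolves).
Added example for this chapter, not part of dig or whois. SAMPLE_DIG and
SAMPLE_WHOIS are constructed to mirror the usual output format, which varies
by registry; the 30-day age threshold is an assumed heuristic."""
import re
import shutil
import subprocess
from datetime import datetime, timezone

# Constructed output in the shape of `dig +short www.example.com A`
# (CNAME hop followed by the final A records) and of a registry whois record.
SAMPLE_DIG = "cdn.example.net.\n203.0.113.10\n203.0.113.11\n"
SAMPLE_WHOIS = """Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.example-registrar.test
   Registrar: Example Registrar, LLC
   Creation Date: 2024-04-20T08:15:00Z
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
"""
NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)  # fixed clock so the demo is reproducible

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
WHOIS_REGISTRAR_RE = re.compile(r"^\s*Registrar:\s*(.+?)\s*$", re.I | re.M)
WHOIS_CREATED_RE = re.compile(r"^\s*(?:Creation Date|Created|Registered On):\s*(\S+)", re.I | re.M)
WHOIS_NS_RE = re.compile(r"^\s*Name Server:\s*(\S+)", re.I | re.M)


def run(cmd, timeout=10):
    """Run a CLI tool and return stdout; a missing tool or a timeout yields ''.
    Non-zero exit is not an error here: NXDOMAIN and 'no match' are data."""
    if shutil.which(cmd[0]) is None:
        return ""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout).stdout
    except subprocess.TimeoutExpired:
        return ""


def parse_dig_short(text):
    """`dig +short` prints one answer per line: names (ending in '.') for
    CNAME hops, bare addresses for the final A records. Returns (cnames, ips)."""
    cnames, ips = [], []
    for line in text.splitlines():
        line = line.strip()
        if line:
            (ips if IPV4_RE.match(line) else cnames).append(line.rstrip("."))
    return cnames, ips


def parse_date(s):
    """Whois creation dates come in several shapes; try the common ones."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y"):
        try:
            return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def parse_whois(text):
    """Extract registrar, creation date and name servers from whois text."""
    reg = WHOIS_REGISTRAR_RE.search(text)
    created = WHOIS_CREATED_RE.search(text)
    return {
        "registrar": reg.group(1) if reg else None,
        "created": parse_date(created.group(1)) if created else None,
        "name_servers": sorted({ns.lower().rstrip(".") for ns in WHOIS_NS_RE.findall(text)}),
    }


def resolve(domain, rtype="A"):
    """Live lookup: dig +short <domain> <rtype>, parsed."""
    return parse_dig_short(run(["dig", "+short", domain, rtype]))


def lookup_whois(domain):
    """Live lookup: whois <domain>, parsed."""
    return parse_whois(run(["whois", domain]))


def domain_age_days(whois_info, now=NOW):
    created = whois_info["created"]
    return None if created is None else (now - created).days


def triage_flags(whois_info, ips, now=NOW, young_days=30):
    """Turn enrichment into flags an analyst acts on: a domain registered days
    ago, or one with no A record any more, each earns a line in the ticket."""
    flags = []
    age = domain_age_days(whois_info, now)
    if age is None:
        flags.append("whois_no_creation_date")
    elif age < young_days:
        flags.append(f"newly_registered:{age}d")
    if not ips:
        flags.append("no_a_record")
    return flags


def demo():
    """Offline walk-through on the constructed output; live use calls
    resolve() and lookup_whois() instead of the SAMPLE_* strings."""
    cnames, ips = parse_dig_short(SAMPLE_DIG)
    return triage_flags(parse_whois(SAMPLE_WHOIS), ips)


if __name__ == "__main__":
    print(demo())
```

Two practical notes: whois output is rate-limited and privacy-redacted for many TLDs, so the absence of a creation date is itself reported as a flag rather than silently treated as "old"; and the wrappers never raise on a non-zero exit, because for dig and whois a negative answer is exactly the information the analyst wants recorded.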
Vulnerability Scanners
  Asset Discovery
  Vulnerability Assessment
  Risk Prioritization
Ticketing and Case Management Systems
  Incident Tracking
  Workflow Automation
  Collaboration Features
  Reporting and Metrics