Security Event Triage
6. Prioritization Frameworks and Models

Severity Classification
    Critical
        Immediate Threats to Business Operations
        Active Data Breaches
    High
        Significant Security Risks
        Potential for Major Impact
    Medium
        Moderate Impact Events
        Contained Threats
    Low
        Minor or Contained Events
        Limited Impact Potential
    Informational
        Non-Actionable Data
        Awareness Purposes

Impact Assessment
    Business Impact
        Financial Loss Potential
        Reputational Damage Risk
        Regulatory Compliance Issues
    Data Impact
        Data Breach Potential
        Data Integrity Concerns
        Confidentiality Risks
    Operational Impact
        Service Disruption
        Productivity Loss
        System Availability

Urgency Determination
    Active vs. Historical Threat
        Ongoing Attacks
        Past Events Requiring Review
    Scope of Compromise
        Number of Affected Systems
        Lateral Movement Potential
        Network Segment Impact
    Attacker Sophistication
        Use of Advanced Techniques
        Evidence of Targeted Attacks
        Tool and Method Analysis

Using Industry Frameworks
    MITRE ATT&CK Framework
        Mapping Alerts to Tactics, Techniques, and Procedures (TTPs)
        Identifying Gaps in Detection
        Attack Path Analysis
    The Cyber Kill Chain
        Stages of Attack Progression
        Disruption Points
        Prevention Opportunities
    The Diamond Model of Intrusion Analysis
        Adversary Analysis
        Capability Assessment
        Infrastructure Mapping
        Victim Profiling