What is a SOC (Security Operations Center)?

D4 · Operations · CompTIA Security+ SY0-701
A SOC (Security Operations Center) is a centralized facility and team of security professionals that continuously monitors an organization's IT environment, around the clock (24/7/365), to detect, analyze, and respond to cybersecurity incidents.

SOC tiers: Tier 1 (alert triage, basic analysis), Tier 2 (deeper investigation, incident response), Tier 3 (advanced analysis, threat hunting, forensics).

Key SOC tools: SIEM (central visibility), SOAR (automation), EDR (endpoint), threat intel feeds.
SIEM is the SOC's primary tool for log aggregation and correlation. SOAR automates repetitive SOC tasks (playbooks). MDR (Managed Detection and Response) is an outsourced SOC service. Know the SOC tier model and what each tier does.