II.
Responsibility overview
Reference · live · responsibility:security-incident-triage
Security incident triage overview
Triage security alerts and incidents — classify severity, determine scope, coordinate initial response, and escalate to appropriate teams based on incident type and impact.
Attributes
displayName: Security incident triage
cadence: on-demand
description: Triage security alerts and incidents — classify severity, determine scope, coordinate initial response, and escalate to appropriate teams based on incident type and impact.
Outgoing edges
held_by (3)
- role:soc-analyst · Role · SOC Analyst
- role:threat-analyst · Role · Threat Analyst
- role:blue-team-lead · Role · Blue Team Lead
requires_expertise (2)
- skill-area:security-monitoring-siem · SkillArea · Security Monitoring and SIEM
- skill-area:incident-response · SkillArea · Incident Response
Incoming edges
holds_responsibility (3)
- role:threat-analyst · Role · Threat Analyst
- role:soc-analyst · Role · SOC Analyst
- role:blue-team-lead · Role · Blue Team Lead
triggers_responsibility (1)
- workflow:security-incident-response · Workflow · Security Incident Response