Acción de remediación
Steps taken to eliminate the cause of a detected security incident, restore affected systems, and strengthen defenses to prevent recurrence.
View termCategories
SOC
Browse SOC terms for cybersecurity professionals.
Languages
Agregación de registros
Log Aggregation is the process of collecting and centralizing logs from diverse systems, applications, and devices into a unified repository for correlation, analysis, and compliance within security operations.
View termAislamiento del Host
The process of removing a compromised or suspicious host from the network to prevent lateral movement and further compromise while incident investigation and remediation are performed.
View termAlerta de Seguridad
Automated or manual notification process by which a security system or analyst informs relevant personnel of detected suspicious activity or confirmed incidents in real time.
View termAnalítica de seguridad
Security Analytics refers to the use of advanced data analysis techniques, including machine learning and statistical models, to aggregate, process, and interpret large volumes of security event data for detecting threats, prioritizing alerts, and supporting incident response.
View termAnálisis de amenazas
Threat Analysis is the systematic evaluation of potential and actual cyber threats by assessing threat actor capabilities, intent, attack vectors, and potential impact to prioritize mitigation and inform security strategy.
View termAnálisis de Incidentes
The comprehensive examination and assessment of a security incident to determine its cause, scope, impact, and lessons learned for continuous improvement.
View termAnálisis de malware
The process of examining malicious software to understand its behavior, intent, origin, and potential impact on affected systems.
View termAnálisis de registros
The process of examining and interpreting system, application, and security logs to detect, investigate, and respond to security events and operational issues. Used extensively in SOCs for threat hunting, compliance, and forensic investigations.
View termAnálisis Forense
The scientific examination and investigation of digital devices, logs, or data to identify, collect, preserve, and analyze evidence related to security incidents, enabling root-cause determination and supporting legal or disciplinary action, as described in NIST SP 800-86 and ISO/IEC 27037.
View termAnálisis forense
The application of specialized techniques to collect, preserve, and analyze digital evidence from information systems following a security incident.
View termArquitectura Zero Trust
A security model that assumes no implicit trust is granted to systems or users inside or outside the network; verification is required for every access request.
View termAtribución de amenazas
Threat Attribution is the analytical process of linking a detected cyber threat, campaign, or incident to a specific actor, group, or nation-state, based on technical indicators, tactics, infrastructure, and intelligence sources. Essential in cyber threat intelligence and legal proceedings.
View termAutomatización de Playbook
The automated execution of predefined incident response actions and workflows using orchestration tools, reducing manual intervention and response time in SOC operations.
View termAutomatización de seguridad
Security Automation is the application of technology to perform repetitive or time-sensitive security operations tasks—such as detection, response, and remediation—without human intervention, typically using SOAR or automated scripting.
View termCadena de custodia
A formal process documenting the chronological handling, transfer, and control of digital evidence, ensuring its integrity and admissibility in legal or regulatory proceedings.
View termCapacidad de detección
Detection Capability is the measure of an organization's ability to identify and recognize cyber threats, malicious activities, and security incidents in a timely and accurate manner using technical and procedural controls.
View termCategorización de incidentes
Incident Categorization is the process of classifying security events or incidents based on type, severity, impact, and urgency to ensure standardized response procedures and accurate reporting within security operations.
View termCausa raíz
The fundamental underlying reason or origin of a security incident, breach, or operational failure, identified through structured analysis to inform remediation and prevent recurrence.
View termCaza de amenazas
A proactive and iterative search through networks, endpoints, and datasets to detect and isolate advanced threats that evade automated security solutions.
View termCiclo de Vida de la Alerta
The sequence of phases that a security alert undergoes, from initial detection and triage through investigation, escalation, response, resolution, and closure.
View termCierre de Incidente
The formal completion and documentation of all response activities for a security incident, ensuring lessons learned and post-incident reviews are recorded before closing the case.
View termComunicación de Incidentes
The timely and coordinated exchange of information about an incident’s status, impact, and response among internal teams, stakeholders, and, where required, external parties.
View termContención de incidentes
The actions taken to limit the impact of a security incident by isolating affected systems, preventing lateral movement, and preserving evidence for investigation.
View termContención de malware
Malware Containment is the set of actions and controls enacted to isolate and prevent the spread of malicious software within an organization’s systems, often as part of the incident response lifecycle.
View termCoordinación de Respuesta
The structured management and collaboration among teams and stakeholders to ensure efficient containment, eradication, and recovery from a cybersecurity incident.
View termCoordinación de respuesta
Response Coordination is the organized management of communication, task allocation, and resource deployment among stakeholders during a cybersecurity incident to ensure effective mitigation and timely resolution.
View termCorrelación de alertas
Alert Correlation is the process of analyzing and linking related security alerts from different sources or systems to identify complex threats, reduce false positives, and streamline incident response.
View termCorrelación de Amenazas
The analytical process of aggregating and comparing multiple data points from diverse sources to identify relationships or patterns that indicate a sophisticated cyber threat.
View termCorrelación de eventos
The process of analyzing and combining related security events from multiple sources to identify patterns indicative of incidents or attacks.
View termCronología del incidente
A detailed chronological record of all events, actions, and system states related to a security incident, used for investigation, reporting, and post-incident review.
View termDetección de anomalías
Anomaly Detection is the process of identifying unusual patterns, events, or activities in datasets, logs, or network traffic that may indicate a security incident, compromise, or operational risk, utilizing baselines and advanced algorithms. Used in SOCs for early warning and threat detection.
View termDetección de Incidentes
The process of identifying potential or actual security incidents in an IT environment by monitoring logs, events, and network activity, using automated tools and manual analysis, as described in NIST SP 800-61, ISO/IEC 27035, and SANS guidelines.
View termDocumentación de Alerta
The detailed recording of all relevant information about a security alert, including source, analysis, actions, and outcomes, to support accountability and future reference.
View termDocumentación de Incidentes
The detailed and systematic recording of all relevant information, actions, decisions, and evidence related to a cybersecurity incident throughout its lifecycle.
View termEjercicio Tabletop
A discussion-based incident response simulation where team members review and role-play their actions and decisions for hypothetical security scenarios.
View termEmulación de Adversario
The simulation of real-world attacker behaviors and techniques in a controlled environment to test and improve detection and response capabilities.
View termEnriquecimiento de alertas
The process of adding contextual information to security alerts, such as asset details, user context, or threat intelligence, to improve investigation and response efficiency.
View termEscalada de Alerta
The process of forwarding a security alert to higher-level analysts or decision makers when the event exceeds the current responder’s authority or capacity.
View termEscalada de Caso
The process of transferring a security incident or case to a higher-level team or authority due to severity, complexity, or policy requirements.
View termEscalada de privilegios
An attack or exploit in which a user or application gains higher access rights or privileges than intended by system policy.
View termEscalado de incidentes
The formal process of transferring a detected security incident to higher-level personnel or specialized teams for further analysis, response, or decision-making.
View termEstrategia de Contención
A set of planned actions and measures taken to limit the spread and impact of a cybersecurity incident, preventing further damage or lateral movement within the environment.
View termEvaluación de amenazas
A structured process for identifying, analyzing, and prioritizing potential threats to an organization's assets, operations, or information based on current intelligence and risk posture.
View termEvaluación de compromiso
Compromise Assessment is the comprehensive evaluation of an organization’s systems, networks, and data to identify evidence of past or ongoing security breaches or unauthorized access, often leveraging threat hunting techniques.
View termFatiga de alertas
Alert Fatigue is a condition in which security analysts become desensitized or overwhelmed due to excessive or repetitive alerts, potentially resulting in missed detections or slower response in a SOC environment.
View termFlujo de Incidentes
A structured sequence of tasks and escalation steps followed during the lifecycle of a security incident, from detection through resolution and post-incident review.
View termFlujo de remediación
Remediation Workflow is a structured, documented process for addressing and resolving identified security issues or incidents, encompassing investigation, mitigation, validation, and post-incident review steps within security operations.
View termFlujo de Respuesta
A formalized, step-by-step sequence of procedures and roles that guide the incident response process from detection through resolution in accordance with established policies.
View termGestión de Casos
The process of documenting, tracking, and resolving security incidents or investigations within a structured platform, ensuring workflow accountability, auditability, and collaboration among SOC or IR teams, as defined in NIST SP 800-61 and industry playbooks.
View termGestión de crisis
Coordinated organizational actions and communication aimed at containing, resolving, and recovering from severe security incidents or disruptions to minimize operational and reputational damage.
View termGestión de Incidentes
A structured set of procedures used by security teams to address, manage, and resolve cybersecurity incidents, including containment, eradication, and recovery, following official frameworks such as NIST SP 800-61 and ISO/IEC 27035.
View termGestión de Incidentes
The comprehensive process of managing a cybersecurity incident from initial detection through analysis, containment, eradication, recovery, and post-incident review.
View termGestión de Incidentes
A coordinated set of processes and tools for identifying, assessing, responding to, tracking, and resolving security incidents to minimize business impact, ensure compliance, and enable post-incident analysis in accordance with established policies and standards (ref: NIST SP 800-61, ISO/IEC 27035).
View termInformática Forense
The discipline of identifying, preserving, analyzing, and documenting digital evidence from electronic devices to support incident response, legal processes, or internal investigations.
View termIngeniería de Detección
The discipline of designing, implementing, and tuning security monitoring rules, analytics, and automation to identify threats with accuracy and minimal false positives.
View termInteligencia de Amenazas
Evidence-based knowledge about existing and emerging threats, derived from analysis of indicators, adversary behavior, and context, which is used to inform defense strategies and enable proactive mitigation, as described in NIST SP 800-150, MITRE ATT&CK, and ISO/IEC 27002.
View termInvestigación de Alerta
The process of analyzing and validating security alerts to determine their legitimacy, scope, and required response actions.
View termInvestigación de Alerta
The structured process of examining the source, context, and impact of a security alert to determine its validity, root cause, and next response steps.
View termInvestigación de incidentes
A systematic process of collecting, analyzing, and documenting evidence to determine the cause, impact, and scope of a security incident.
View termInyección de Proceso
A technique used by attackers or legitimate tools to inject code into the address space of another process, enabling code execution within the context of a target process, often to evade detection or escalate privileges.
View termLista de control de acceso
A table or data structure used to specify permissions attached to system objects, defining which users or processes are granted access to objects and operations.
View termMitigación de Incidentes
Targeted actions taken to reduce the immediate and long-term impact of a security incident, including containment, eradication, and recovery measures.
View termModelado de Amenazas
A structured process for identifying, prioritizing, and evaluating potential threats and vulnerabilities to an organization’s information systems to guide security controls design and risk mitigation strategies.
View termMonitorización de seguridad
Continuous observation, collection, and analysis of security events and data across information systems to detect threats, policy violations, or anomalous activities as part of organizational risk management.
View termNotificación de Amenaza
Official communication to stakeholders regarding the discovery or presence of a specific cyber threat, often required by regulations or internal policy.
View termNotificación de incidente
The act of formally informing stakeholders, management, or regulatory bodies about a detected or ongoing security incident in accordance with established policies.
View termNotificación de Incidentes
The formal process of documenting and communicating the details of a cybersecurity incident to relevant stakeholders, regulatory authorities, or partners, as required by legal, regulatory, or contractual obligations (see NIST SP 800-61 and ENISA guidelines).
View termNotificación de Incumplimiento
The formal process of informing affected parties, regulators, and other stakeholders about a confirmed data breach, in accordance with legal and contractual obligations.
View termNotificación de Seguridad
The formal process of communicating significant security events or incident statuses to designated stakeholders or regulatory bodies, ensuring transparency and compliance.
View termOperaciones de Seguridad
All coordinated activities performed in a Security Operations Center (SOC) to monitor, detect, investigate, and respond to cybersecurity threats in real time. This includes proactive defense, continuous monitoring, incident handling, and threat intelligence integration, as described in NIST SP 800-137 and ISO/IEC 27035.
View termOrquestación de Seguridad
The automated coordination and integration of security tools, processes, and workflows to accelerate response and improve operational efficiency in security operations centers.
View termPlan de Remediación
A documented set of actions designed to eliminate the root cause and effects of a security incident, restore affected systems, and reduce the risk of recurrence.
View termPlan de Respuesta
A documented strategy outlining procedures, roles, responsibilities, and communications for responding to cybersecurity incidents.
View termPlaybook de Seguridad
A documented set of repeatable incident response procedures and decision trees tailored to specific threat scenarios or alerts.
View termPreparación ante Incidentes
The proactive state of an organization’s people, processes, and technology to efficiently detect, respond to, and recover from security incidents in accordance with pre-established plans.
View termPreparación de Respuesta
The state of preparedness of personnel, processes, and technology to quickly and effectively respond to cybersecurity incidents.
View termPreservación de Evidencias
The controlled process of securing, documenting, and protecting digital or physical evidence to maintain integrity for internal review or legal proceedings.
View termPriorización de alertas
The process of ranking and categorizing security alerts based on risk, relevance, and organizational impact, to enable efficient triage and response by SOC analysts.
View termPriorización de Incidentes
The classification and ranking of security incidents based on risk, severity, and potential business impact to determine response order and resource allocation.
View termProceso de Investigación
A structured series of analytical steps undertaken by security teams to determine the scope, cause, and impact of a cybersecurity incident, using forensic techniques and available evidence.
View termRecopilación de pruebas
The systematic process of gathering digital artifacts, logs, devices, or other data relevant to a security incident, following forensic best practices to preserve integrity.
View termRecuperación de incidentes
The coordinated set of actions taken to restore systems, operations, and services to normal functioning after a security incident, minimizing impact and ensuring business continuity.
View termRegistro de Incidentes
The systematic recording of incident details, timelines, actions taken, and outcomes to ensure transparency, facilitate analysis, and support compliance requirements.
View termReporte de Incidentes
The formal communication process for notifying internal or external authorities about detected security incidents, as required by organizational policy, regulatory, or contractual obligations.
View termRespuesta a Incidentes
A coordinated approach to addressing and managing the aftermath of a security breach or cyberattack, with the aim of limiting damage, reducing recovery time and costs, and preventing future incidents. Involves predefined processes for detection, containment, eradication, and recovery, as formalized in NIST SP 800-61 and ISO/IEC 27035.
View termRespuesta a Phishing
Coordinated actions taken to detect, contain, and mitigate phishing attacks, including user notification, credential reset, and blocking malicious domains.
View termRespuesta de Seguridad
Coordinated activities by security personnel to mitigate, contain, and resolve identified threats or incidents in accordance with organizational protocols.
View termRetención de Registros
The process and policy of securely retaining security event and audit logs for a defined period to ensure availability for investigations, compliance, and forensic analysis.
View termRevisión de Incidentes
A structured post-incident process for evaluating the effectiveness of detection, response, and recovery measures to identify lessons learned and update procedures.
View termSegmentación de red
The practice of dividing a computer network into subnetworks, each being a network segment, to improve security, performance, and manageability by restricting lateral movement.
View termSeguimiento de Incidentes
The systematic process of recording, updating, and monitoring security incidents throughout their lifecycle to ensure accountability, compliance, and timely resolution.
View termSimulación de adversario
Adversary Simulation is a controlled security exercise that emulates realistic cyber attacks by mimicking the tactics, techniques, and procedures (TTPs) of threat actors to assess organizational detection, prevention, and response capabilities.
View termSimulación de Ataque
A controlled emulation of cyberattacks against systems, networks, or people to assess security posture, validate defenses, and improve response capabilities.
View termSupresión de Alertas
The intentional filtering or silencing of specific security alerts to reduce noise from false positives and allow focus on actionable incidents.
View termTelemetría de seguridad
Security Telemetry refers to the automated collection, transmission, and aggregation of security-relevant data—such as logs, metrics, events, and alerts—from endpoints, networks, and cloud systems to enable real-time monitoring and analysis.
View termTriaje de Alertas
The systematic process of evaluating, prioritizing, and categorizing security alerts based on severity, credibility, and potential impact, enabling efficient resource allocation and rapid incident detection within a SOC, as described in NIST SP 800-61 and MITRE ATT&CK®.
View termTriaje de Eventos
The process of rapidly classifying, prioritizing, and assigning security events for investigation based on impact, severity, and business risk.
View termValidación de Alertas
The process of verifying whether a security alert is genuine, actionable, and relevant, typically by correlating with additional telemetry or threat intelligence to reduce false positives before escalation.
View termViolación de la Política de Seguridad
Any action or event that contravenes an established information security policy or standard, triggering investigation or response according to compliance protocols.
View term