SOC

Browse SOC terms for cybersecurity professionals.

Investigation Process

A structured series of analytical steps undertaken by security teams to determine the scope, cause, and impact of a cybersecurity incident, using forensic techniques and available evidence.

Containment Strategy

A set of planned actions and measures taken to limit the spread and impact of a cybersecurity incident, preventing further damage or lateral movement within the environment.

Malware Containment

Malware Containment is the set of actions and controls enacted to isolate and prevent the spread of malicious software within an organization’s systems, often as part of the incident response lifecycle.

Incident Recovery

The coordinated set of actions taken to restore systems, operations, and services to normal functioning after a security incident, minimizing impact and ensuring business continuity.

Incident Containment

The actions taken to limit the impact of a security incident by isolating affected systems, preventing lateral movement, and preserving evidence for investigation.

Event Triage

The process of rapidly classifying, prioritizing, and assigning security events for investigation based on impact, severity, and business risk.

Alert Triage

The systematic process of evaluating, prioritizing, and categorizing security alerts based on severity, credibility, and potential impact, enabling efficient resource allocation and rapid incident detection within a SOC, as described in NIST SP 800-61 and MITRE ATT&CK®.

Security Orchestration

The automated coordination and integration of security tools, processes, and workflows to accelerate response and improve operational efficiency in security operations centers.

Case Management

The process of documenting, tracking, and resolving security incidents or investigations within a structured platform, ensuring workflow accountability, auditability, and collaboration among SOC or IR teams, as defined in NIST SP 800-61 and industry playbooks.

Incident Handling

A structured set of procedures used by security teams to address, manage, and resolve cybersecurity incidents, including containment, eradication, and recovery, following official frameworks such as NIST SP 800-61 and ISO/IEC 27035.

Incident Management

The comprehensive process of managing a cybersecurity incident from initial detection through analysis, containment, eradication, recovery, and post-incident review.

Incident Management

A coordinated set of processes and tools for identifying, assessing, responding to, tracking, and resolving security incidents to minimize business impact, ensure compliance, and enable post-incident analysis in accordance with established policies and standards (ref: NIST SP 800-61, ISO/IEC 27035).

Alert Prioritization

The process of ranking and categorizing security alerts based on risk, relevance, and organizational impact, to enable efficient triage and response by SOC analysts.

Incident Prioritization

The classification and ranking of security incidents based on risk, severity, and potential business impact to determine response order and resource allocation.

Incident Categorization

Incident Categorization is the process of classifying security events or incidents based on type, severity, impact, and urgency to ensure standardized response procedures and accurate reporting within security operations.

Attack Simulation

A controlled emulation of cyberattacks against systems, networks, or people to assess security posture, validate defenses, and improve response capabilities.

Adversary Emulation

The simulation of real-world attacker behaviors and techniques in a controlled environment to test and improve detection and response capabilities.

Adversary Simulation

Adversary Simulation is a controlled security exercise that emulates realistic cyber attacks by mimicking the tactics, techniques, and procedures (TTPs) of threat actors to assess organizational detection, prevention, and response capabilities.

Process Injection

A technique used by attackers or legitimate tools to inject code into the address space of another process, enabling code execution within the context of a target process, often to evade detection or escalate privileges.

Remediation Actions

Steps taken to eliminate the cause of a detected security incident, restore affected systems, and strengthen defenses to prevent recurrence.

Anomaly Detection

Anomaly Detection is the process of identifying unusual patterns, events, or activities in datasets, logs, or network traffic that may indicate a security incident, compromise, or operational risk, utilizing baselines and advanced algorithms. Used in SOCs for early warning and threat detection.

Incident Detection

The process of identifying potential or actual security incidents in an IT environment by monitoring logs, events, and network activity, using automated tools and manual analysis, as described in NIST SP 800-61, ISO/IEC 27035, and SANS guidelines.

Alert Validation

The process of verifying whether a security alert is genuine, actionable, and relevant, typically by correlating with additional telemetry or threat intelligence to reduce false positives before escalation.

Security Response

Coordinated activities by security personnel to mitigate, contain, and resolve identified threats or incidents in accordance with organizational protocols.

Phishing Response

Coordinated actions taken to detect, contain, and mitigate phishing attacks, including user notification, credential reset, and blocking malicious domains.

Incident Response

A coordinated approach to addressing and managing the aftermath of a security breach or cyberattack, with the aim of limiting damage, reducing recovery time and costs, and preventing future incidents. Involves predefined processes for detection, containment, eradication, and recovery, as formalized in NIST SP 800-61 and ISO/IEC 27035.

Incident Tracking

The systematic process of recording, updating, and monitoring security incidents throughout their lifecycle to ensure accountability, compliance, and timely resolution.

Incident Review

A structured post-incident process for evaluating the effectiveness of detection, response, and recovery measures to identify lessons learned and update procedures.

Incident Mitigation

Targeted actions taken to reduce the immediate and long-term impact of a security incident, including containment, eradication, and recovery measures.

Crisis Management

Coordinated organizational actions and communication aimed at containing, resolving, and recovering from severe security incidents or disruptions to minimize operational and reputational damage.

Incident Logging

The systematic recording of incident details, timelines, actions taken, and outcomes to ensure transparency, facilitate analysis, and support compliance requirements.

Security Operations

All coordinated activities performed in a Security Operations Center (SOC) to monitor, detect, investigate, and respond to cybersecurity threats in real time. This includes proactive defense, continuous monitoring, incident handling, and threat intelligence integration, as described in NIST SP 800-137 and ISO/IEC 27035.

Response Coordination

Response Coordination is the organized management of communication, task allocation, and resource deployment among stakeholders during a cybersecurity incident to ensure effective mitigation and timely resolution.

Response Coordination

The structured management and collaboration among teams and stakeholders to ensure efficient containment, eradication, and recovery from a cybersecurity incident.

Compromise Assessment

Compromise Assessment is the comprehensive evaluation of an organization’s systems, networks, and data to identify evidence of past or ongoing security breaches or unauthorized access, often leveraging threat hunting techniques.

Threat Assessment

A structured process for identifying, analyzing, and prioritizing potential threats to an organization's assets, operations, or information based on current intelligence and risk posture.

Tabletop Exercise

A discussion-based incident response simulation where team members review and role-play their actions and decisions for hypothetical security scenarios.

Privilege Escalation

An attack or exploit in which a user or application gains higher access rights or privileges than intended by system policy.

Alert Escalation

The process of forwarding a security alert to higher-level analysts or decision makers when the event exceeds the current responder’s authority or capacity.

Evidence Collection

The systematic process of gathering digital artifacts, logs, devices, or other data relevant to a security incident, following forensic best practices to preserve integrity.

Log Aggregation

Log Aggregation is the process of collecting and centralizing logs from diverse systems, applications, and devices into a unified repository for correlation, analysis, and compliance within security operations.

Alert Suppression

The intentional filtering or silencing of specific security alerts to reduce noise from false positives and allow focus on actionable incidents.

Threat Attribution

Threat Attribution is the analytical process of linking a detected cyber threat, campaign, or incident to a specific actor, group, or nation-state, based on technical indicators, tactics, infrastructure, and intelligence sources. Essential in cyber threat intelligence and legal proceedings.

Incident Reporting

The formal process of documenting and communicating the details of a cybersecurity incident to relevant stakeholders, regulatory authorities, or partners, as required by legal, regulatory, or contractual obligations (see NIST SP 800-61 and ENISA guidelines).

Incident Reporting

The formal communication process for notifying internal or external authorities about detected security incidents, as required by organizational policy, regulatory, or contractual obligations.

Security Policy Violation

Any action or event that contravenes an established information security policy or standard, triggering investigation or response according to compliance protocols.

Threat Hunting

A proactive and iterative search through networks, endpoints, and datasets to detect and isolate advanced threats that evade automated security solutions.

Security Analytics

Security Analytics refers to the use of advanced data analysis techniques, including machine learning and statistical models, to aggregate, process, and interpret large volumes of security event data for detecting threats, prioritizing alerts, and supporting incident response.

Forensic Analysis

The scientific examination and investigation of digital devices, logs, or data to identify, collect, preserve, and analyze evidence related to security incidents, enabling root-cause determination and supporting legal or disciplinary action, as described in NIST SP 800-86 and ISO/IEC 27037.

Forensic Analysis

The application of specialized techniques to collect, preserve, and analyze digital evidence from information systems following a security incident.

Threat Analysis

Threat Analysis is the systematic evaluation of potential and actual cyber threats by assessing threat actor capabilities, intent, attack vectors, and potential impact to prioritize mitigation and inform security strategy.

Malware Analysis

The process of examining malicious software to understand its behavior, intent, origin, and potential impact on affected systems.

Log Analysis

The process of examining and interpreting system, application, and security logs to detect, investigate, and respond to security events and operational issues. Used extensively in SOCs for threat hunting, compliance, and forensic investigations.

Incident Analysis

The comprehensive examination and assessment of a security incident to determine its cause, scope, impact, and lessons learned for continuous improvement.

Threat Modeling

A structured process for identifying, prioritizing, and evaluating potential threats and vulnerabilities to an organization’s information systems to guide security controls design and risk mitigation strategies.

Alert Investigation

The process of analyzing and validating security alerts to determine their legitimacy, scope, and required response actions.

Incident Investigation

A systematic process of collecting, analyzing, and documenting evidence to determine the cause, impact, and scope of a security incident.

Alert Investigation

The structured process of examining the source, context, and impact of a security alert to determine its validity, root cause, and next response steps.

Incident Communication

The timely and coordinated exchange of information about an incident’s status, impact, and response among internal teams, stakeholders, and, where required, external parties.

Case Escalation

The process of transferring a security incident or case to a higher-level team or authority due to severity, complexity, or policy requirements.

Incident Escalation

The formal process of transferring a detected security incident to higher-level personnel or specialized teams for further analysis, response, or decision-making.

Log Retention

The process and policy of securely retaining security event and audit logs for a defined period to ensure availability for investigations, compliance, and forensic analysis.

Evidence Preservation

The controlled process of securing, documenting, and protecting digital or physical evidence to maintain integrity for internal review or legal proceedings.

Alert Correlation

Alert Correlation is the process of analyzing and linking related security alerts from different sources or systems to identify complex threats, reduce false positives, and streamline incident response.

Threat Correlation

The analytical process of aggregating and comparing multiple data points from diverse sources to identify relationships or patterns that indicate a sophisticated cyber threat.

Event Correlation

The process of analyzing and combining related security events from multiple sources to identify patterns indicative of incidents or attacks.

Security Monitoring

Continuous observation, collection, and analysis of security events and data across information systems to detect threats, policy violations, or anomalous activities as part of organizational risk management.

Alert Enrichment

The process of adding contextual information to security alerts, such as asset details, user context, or threat intelligence, to improve investigation and response efficiency.

Security Alerting

Automated or manual notification process by which a security system or analyst informs relevant personnel of detected suspicious activity or confirmed incidents in real time.

Security Notification

The formal process of communicating significant security events or incident statuses to designated stakeholders or regulatory bodies, ensuring transparency and compliance.

Threat Notification

Official communication to stakeholders regarding the discovery or presence of a specific cyber threat, often required by regulations or internal policy.

Incident Notification

The act of formally informing stakeholders, management, or regulatory bodies about a detected or ongoing security incident in accordance with established policies.

Data Breach Notification

The formal process of informing affected parties, regulators, and other stakeholders about a confirmed data breach, in accordance with legal and contractual obligations.

Network Segmentation

The practice of dividing a computer network into subnetworks, each being a network segment, to improve security, performance, and manageability by restricting lateral movement.

Host Isolation

The process of removing a compromised or suspicious host from the network to prevent lateral movement and further compromise while incident investigation and remediation are performed.

Remediation Workflow

Remediation Workflow is a structured, documented process for addressing and resolving identified security issues or incidents, encompassing investigation, mitigation, validation, and post-incident review steps within security operations.

Detection Capability

Detection Capability is the measure of an organization's ability to identify and recognize cyber threats, malicious activities, and security incidents in a timely and accurate manner using technical and procedural controls.

Threat Intelligence

Evidence-based knowledge about existing and emerging threats, derived from analysis of indicators, adversary behavior, and context, which is used to inform defense strategies and enable proactive mitigation, as described in NIST SP 800-150, MITRE ATT&CK, and ISO/IEC 27002.

Response Readiness

The state of preparedness of personnel, processes, and technology to quickly and effectively respond to cybersecurity incidents.

Incident Readiness

The proactive state of an organization’s people, processes, and technology to efficiently detect, respond to, and recover from security incidents in accordance with pre-established plans.

Security Playbook

A documented set of repeatable incident response procedures and decision trees tailored to specific threat scenarios or alerts.

Digital Forensics

The discipline of identifying, preserving, analyzing, and documenting digital evidence from electronic devices to support incident response, legal processes, or internal investigations.

Incident Closure

The formal completion and documentation of all response activities for a security incident, ensuring lessons learned and post-incident reviews are recorded before closing the case.

Playbook Automation

The automated execution of predefined incident response actions and workflows using orchestration tools, reducing manual intervention and response time in SOC operations.

Security Automation

Security Automation is the application of technology to perform repetitive or time-sensitive security operations tasks—such as detection, response, and remediation—without human intervention, typically using SOAR or automated scripting.

Access Control List

A table or data structure used to specify permissions attached to system objects, defining which users or processes are granted access to objects and operations.

Alert Lifecycle

The sequence of phases that a security alert undergoes, from initial detection and triage through investigation, escalation, response, resolution, and closure.

Detection Engineering

The discipline of designing, implementing, and tuning security monitoring rules, analytics, and automation to identify threats with accuracy and minimal false positives.

Zero Trust Architecture

A security model that assumes no implicit trust is granted to systems or users inside or outside the network; verification is required for every access request.

Chain of Custody

A formal process documenting the chronological handling, transfer, and control of digital evidence, ensuring its integrity and admissibility in legal or regulatory proceedings.

Root Cause

The fundamental underlying reason or origin of a security incident, breach, or operational failure, identified through structured analysis to inform remediation and prevent recurrence.

Alert Fatigue

Alert Fatigue is a condition in which security analysts become desensitized or overwhelmed due to excessive or repetitive alerts, potentially resulting in missed detections or slower response in a SOC environment.

Security Telemetry

Security Telemetry refers to the automated collection, transmission, and aggregation of security-relevant data—such as logs, metrics, events, and alerts—from endpoints, networks, and cloud systems to enable real-time monitoring and analysis.

Response Workflow

A formalized, step-by-step sequence of procedures and roles that guide the incident response process from detection through resolution in accordance with established policies.

Incident Workflow

A structured sequence of tasks and escalation steps followed during the lifecycle of a security incident, from detection through resolution and post-incident review.

Incident Documentation

The detailed and systematic recording of all relevant information, actions, decisions, and evidence related to a cybersecurity incident throughout its lifecycle.

Alert Documentation

The detailed recording of all relevant information about a security alert, including source, analysis, actions, and outcomes, to support accountability and future reference.

Response Plan

A documented strategy outlining procedures, roles, responsibilities, and communications for responding to cybersecurity incidents.

Recovery Plan

A documented set of actions designed to eliminate the root cause and effects of a security incident, restore affected systems, and reduce the risk of recurrence.

Incident Timeline

A detailed chronological record of all events, actions, and system states related to a security incident, used for investigation, reporting, and post-incident review.