Kategoriler
Incele SOC terms for siber guvenlik profesyonelleri.
The scientific examination and investigation of digital devices, logs, or data to identify, collect, preserve, and analyze evidence related to security incidents, enabling root-cause determination and supporting legal or disciplinary action, as described in NIST SP 800-86 and ISO/IEC 27037.
Terimi gorThe application of specialized techniques to collect, preserve, and analyze digital evidence from information systems following a security incident.
Terimi gorThe detailed recording of all relevant information about a security alert, including source, analysis, actions, and outcomes, to support accountability and future reference.
Terimi gorThe process of verifying whether a security alert is genuine, actionable, and relevant, typically by correlating with additional telemetry or threat intelligence to reduce false positives before escalation.
Terimi gorThe structured process of examining the source, context, and impact of a security alert to determine its validity, root cause, and next response steps.
Terimi gorThe systematic process of evaluating, prioritizing, and categorizing security alerts based on severity, credibility, and potential impact, enabling efficient resource allocation and rapid incident detection within a SOC, as described in NIST SP 800-61 and MITRE ATT&CK®.
Terimi gorThe sequence of phases that a security alert undergoes, from initial detection and triage through investigation, escalation, response, resolution, and closure.
Terimi gorThe process of forwarding a security alert to higher-level analysts or decision makers when the event exceeds the current responder’s authority or capacity.
Terimi gorThe process of ranking and categorizing security alerts based on risk, relevance, and organizational impact, to enable efficient triage and response by SOC analysts.
Terimi gorAnomaly Detection is the process of identifying unusual patterns, events, or activities in datasets, logs, or network traffic that may indicate a security incident, compromise, or operational risk, utilizing baselines and advanced algorithms. Used in SOCs for early warning and threat detection.
Terimi gorThe practice of dividing a computer network into subnetworks, each being a network segment, to improve security, performance, and manageability by restricting lateral movement.
Terimi gorThe controlled process of securing, documenting, and protecting digital or physical evidence to maintain integrity for internal review or legal proceedings.
Terimi gorThe systematic process of gathering digital artifacts, logs, devices, or other data relevant to a security incident, following forensic best practices to preserve integrity.
Terimi gorThe discipline of identifying, preserving, analyzing, and documenting digital evidence from electronic devices to support incident response, legal processes, or internal investigations.
Terimi gorSteps taken to eliminate the cause of a detected security incident, restore affected systems, and strengthen defenses to prevent recurrence.
Terimi gorRemediation Workflow is a structured, documented process for addressing and resolving identified security issues or incidents, encompassing investigation, mitigation, validation, and post-incident review steps within security operations.
Terimi gorA documented set of actions designed to eliminate the root cause and effects of a security incident, restore affected systems, and reduce the risk of recurrence.
Terimi gorA table or data structure used to specify permissions attached to system objects, defining which users or processes are granted access to objects and operations.
Terimi gorAutomated or manual notification process by which a security system or analyst informs relevant personnel of detected suspicious activity or confirmed incidents in real time.
Terimi gorSecurity Analytics refers to the use of advanced data analysis techniques, including machine learning and statistical models, to aggregate, process, and interpret large volumes of security event data for detecting threats, prioritizing alerts, and supporting incident response.
Terimi gorThe formal process of communicating significant security events or incident statuses to designated stakeholders or regulatory bodies, ensuring transparency and compliance.
Terimi gorContinuous observation, collection, and analysis of security events and data across information systems to detect threats, policy violations, or anomalous activities as part of organizational risk management.
Terimi gorAll coordinated activities performed in a Security Operations Center (SOC) to monitor, detect, investigate, and respond to cybersecurity threats in real time. This includes proactive defense, continuous monitoring, incident handling, and threat intelligence integration, as described in NIST SP 800-137 and ISO/IEC 27035.
Terimi gorThe automated coordination and integration of security tools, processes, and workflows to accelerate response and improve operational efficiency in security operations centers.
Terimi gorSecurity Automation is the application of technology to perform repetitive or time-sensitive security operations tasks—such as detection, response, and remediation—without human intervention, typically using SOAR or automated scripting.
Terimi gorA documented set of repeatable incident response procedures and decision trees tailored to specific threat scenarios or alerts.
Terimi gorAny action or event that contravenes an established information security policy or standard, triggering investigation or response according to compliance protocols.
Terimi gorSecurity Telemetry refers to the automated collection, transmission, and aggregation of security-relevant data—such as logs, metrics, events, and alerts—from endpoints, networks, and cloud systems to enable real-time monitoring and analysis.
Terimi gorCoordinated activities by security personnel to mitigate, contain, and resolve identified threats or incidents in accordance with organizational protocols.
Terimi gorThe formal process of informing affected parties, regulators, and other stakeholders about a confirmed data breach, in accordance with legal and contractual obligations.
Terimi gorCompromise Assessment is the comprehensive evaluation of an organization’s systems, networks, and data to identify evidence of past or ongoing security breaches or unauthorized access, often leveraging threat hunting techniques.
Terimi gorA structured series of analytical steps undertaken by security teams to determine the scope, cause, and impact of a cybersecurity incident, using forensic techniques and available evidence.
Terimi gorThe process of removing a compromised or suspicious host from the network to prevent lateral movement and further compromise while incident investigation and remediation are performed.
Terimi gorThe process of examining and interpreting system, application, and security logs to detect, investigate, and respond to security events and operational issues. Used extensively in SOCs for threat hunting, compliance, and forensic investigations.
Terimi gorThe process and policy of securely retaining security event and audit logs for a defined period to ensure availability for investigations, compliance, and forensic analysis.
Terimi gorA set of planned actions and measures taken to limit the spread and impact of a cybersecurity incident, preventing further damage or lateral movement within the environment.
Terimi gorCoordinated organizational actions and communication aimed at containing, resolving, and recovering from severe security incidents or disruptions to minimize operational and reputational damage.
Terimi gorLog Aggregation is the process of collecting and centralizing logs from diverse systems, applications, and devices into a unified repository for correlation, analysis, and compliance within security operations.
Terimi gorResponse Coordination is the organized management of communication, task allocation, and resource deployment among stakeholders during a cybersecurity incident to ensure effective mitigation and timely resolution.
Terimi gorA structured sequence of tasks and escalation steps followed during the lifecycle of a security incident, from detection through resolution and post-incident review.
Terimi gorThe comprehensive examination and assessment of a security incident to determine its cause, scope, impact, and lessons learned for continuous improvement.
Terimi gorTargeted actions taken to reduce the immediate and long-term impact of a security incident, including containment, eradication, and recovery measures.
Terimi gorThe act of formally informing stakeholders, management, or regulatory bodies about a detected or ongoing security incident in accordance with established policies.
Terimi gorThe detailed and systematic recording of all relevant information, actions, decisions, and evidence related to a cybersecurity incident throughout its lifecycle.
Terimi gorA structured post-incident process for evaluating the effectiveness of detection, response, and recovery measures to identify lessons learned and update procedures.
Terimi gorThe proactive state of an organization’s people, processes, and technology to efficiently detect, respond to, and recover from security incidents in accordance with pre-established plans.
Terimi gorThe timely and coordinated exchange of information about an incident’s status, impact, and response among internal teams, stakeholders, and, where required, external parties.
Terimi gorThe formal completion and documentation of all response activities for a security incident, ensuring lessons learned and post-incident reviews are recorded before closing the case.
Terimi gorIncident Categorization is the process of classifying security events or incidents based on type, severity, impact, and urgency to ensure standardized response procedures and accurate reporting within security operations.
Terimi gorThe systematic recording of incident details, timelines, actions taken, and outcomes to ensure transparency, facilitate analysis, and support compliance requirements.
Terimi gorThe process of analyzing and combining related security events from multiple sources to identify patterns indicative of incidents or attacks.
Terimi gorThe coordinated set of actions taken to restore systems, operations, and services to normal functioning after a security incident, minimizing impact and ensuring business continuity.
Terimi gorA coordinated approach to addressing and managing the aftermath of a security breach or cyberattack, with the aim of limiting damage, reducing recovery time and costs, and preventing future incidents. Involves predefined processes for detection, containment, eradication, and recovery, as formalized in NIST SP 800-61 and ISO/IEC 27035.
Terimi gorThe formal process of documenting and communicating the details of a cybersecurity incident to relevant stakeholders, regulatory authorities, or partners, as required by legal, regulatory, or contractual obligations (see NIST SP 800-61 and ENISA guidelines).
Terimi gorThe formal communication process for notifying internal or external authorities about detected security incidents, as required by organizational policy, regulatory, or contractual obligations.
Terimi gorA systematic process of collecting, analyzing, and documenting evidence to determine the cause, impact, and scope of a security incident.
Terimi gorThe actions taken to limit the impact of a security incident by isolating affected systems, preventing lateral movement, and preserving evidence for investigation.
Terimi gorThe systematic process of recording, updating, and monitoring security incidents throughout their lifecycle to ensure accountability, compliance, and timely resolution.
Terimi gorThe process of identifying potential or actual security incidents in an IT environment by monitoring logs, events, and network activity, using automated tools and manual analysis, as described in NIST SP 800-61, ISO/IEC 27035, and SANS guidelines.
Terimi gorA structured set of procedures used by security teams to address, manage, and resolve cybersecurity incidents, including containment, eradication, and recovery, following official frameworks such as NIST SP 800-61 and ISO/IEC 27035.
Terimi gorThe comprehensive process of managing a cybersecurity incident from initial detection through analysis, containment, eradication, recovery, and post-incident review.
Terimi gorA coordinated set of processes and tools for identifying, assessing, responding to, tracking, and resolving security incidents to minimize business impact, ensure compliance, and enable post-incident analysis in accordance with established policies and standards (ref: NIST SP 800-61, ISO/IEC 27035).
Terimi gorThe formal process of transferring a detected security incident to higher-level personnel or specialized teams for further analysis, response, or decision-making.
Terimi gorA detailed chronological record of all events, actions, and system states related to a security incident, used for investigation, reporting, and post-incident review.
Terimi gorThe process of rapidly classifying, prioritizing, and assigning security events for investigation based on impact, severity, and business risk.
Terimi gorThe classification and ranking of security incidents based on risk, severity, and potential business impact to determine response order and resource allocation.
Terimi gorCoordinated actions taken to detect, contain, and mitigate phishing attacks, including user notification, credential reset, and blocking malicious domains.
Terimi gorThe automated execution of predefined incident response actions and workflows using orchestration tools, reducing manual intervention and response time in SOC operations.
Terimi gorThe simulation of real-world attacker behaviors and techniques in a controlled environment to test and improve detection and response capabilities.
Terimi gorA controlled emulation of cyberattacks against systems, networks, or people to assess security posture, validate defenses, and improve response capabilities.
Terimi gorA technique used by attackers or legitimate tools to inject code into the address space of another process, enabling code execution within the context of a target process, often to evade detection or escalate privileges.
Terimi gorA security model that assumes no implicit trust is granted to systems or users inside or outside the network; verification is required for every access request.
Terimi gorA discussion-based incident response simulation where team members review and role-play their actions and decisions for hypothetical security scenarios.
Terimi gorThreat Analysis is the systematic evaluation of potential and actual cyber threats by assessing threat actor capabilities, intent, attack vectors, and potential impact to prioritize mitigation and inform security strategy.
Terimi gorThreat Attribution is the analytical process of linking a detected cyber threat, campaign, or incident to a specific actor, group, or nation-state, based on technical indicators, tactics, infrastructure, and intelligence sources. Essential in cyber threat intelligence and legal proceedings.
Terimi gorA proactive and iterative search through networks, endpoints, and datasets to detect and isolate advanced threats that evade automated security solutions.
Terimi gorOfficial communication to stakeholders regarding the discovery or presence of a specific cyber threat, often required by regulations or internal policy.
Terimi gorA structured process for identifying, analyzing, and prioritizing potential threats to an organization's assets, operations, or information based on current intelligence and risk posture.
Terimi gorEvidence-based knowledge about existing and emerging threats, derived from analysis of indicators, adversary behavior, and context, which is used to inform defense strategies and enable proactive mitigation, as described in NIST SP 800-150, MITRE ATT&CK, and ISO/IEC 27002.
Terimi gorThe analytical process of aggregating and comparing multiple data points from diverse sources to identify relationships or patterns that indicate a sophisticated cyber threat.
Terimi gorA structured process for identifying, prioritizing, and evaluating potential threats and vulnerabilities to an organization’s information systems to guide security controls design and risk mitigation strategies.
Terimi gorAdversary Simulation is a controlled security exercise that emulates realistic cyber attacks by mimicking the tactics, techniques, and procedures (TTPs) of threat actors to assess organizational detection, prevention, and response capabilities.
Terimi gorThe fundamental underlying reason or origin of a security incident, breach, or operational failure, identified through structured analysis to inform remediation and prevent recurrence.
Terimi gorDetection Capability is the measure of an organization's ability to identify and recognize cyber threats, malicious activities, and security incidents in a timely and accurate manner using technical and procedural controls.
Terimi gorThe discipline of designing, implementing, and tuning security monitoring rules, analytics, and automation to identify threats with accuracy and minimal false positives.
Terimi gorThe intentional filtering or silencing of specific security alerts to reduce noise from false positives and allow focus on actionable incidents.
Terimi gorThe process of analyzing and validating security alerts to determine their legitimacy, scope, and required response actions.
Terimi gorAlert Correlation is the process of analyzing and linking related security alerts from different sources or systems to identify complex threats, reduce false positives, and streamline incident response.
Terimi gorAlert Fatigue is a condition in which security analysts become desensitized or overwhelmed due to excessive or repetitive alerts, potentially resulting in missed detections or slower response in a SOC environment.
Terimi gorThe process of adding contextual information to security alerts, such as asset details, user context, or threat intelligence, to improve investigation and response efficiency.
Terimi gorThe process of documenting, tracking, and resolving security incidents or investigations within a structured platform, ensuring workflow accountability, auditability, and collaboration among SOC or IR teams, as defined in NIST SP 800-61 and industry playbooks.
Terimi gorThe process of transferring a security incident or case to a higher-level team or authority due to severity, complexity, or policy requirements.
Terimi gorThe state of preparedness of personnel, processes, and technology to quickly and effectively respond to cybersecurity incidents.
Terimi gorA formalized, step-by-step sequence of procedures and roles that guide the incident response process from detection through resolution in accordance with established policies.
Terimi gorThe structured management and collaboration among teams and stakeholders to ensure efficient containment, eradication, and recovery from a cybersecurity incident.
Terimi gorA documented strategy outlining procedures, roles, responsibilities, and communications for responding to cybersecurity incidents.
Terimi gorAn attack or exploit in which a user or application gains higher access rights or privileges than intended by system policy.
Terimi gorThe process of examining malicious software to understand its behavior, intent, origin, and potential impact on affected systems.
Terimi gorMalware Containment is the set of actions and controls enacted to isolate and prevent the spread of malicious software within an organization’s systems, often as part of the incident response lifecycle.
Terimi gorA formal process documenting the chronological handling, transfer, and control of digital evidence, ensuring its integrity and admissibility in legal or regulatory proceedings.
Terimi gor