← soc analyst

IR Lifecycle, Reporting & SOAR Handoff

intermediate 3h

Own the full SOC output lifecycle — from alert to incident ticket to stakeholder report to lessons-learned — and understand where SOAR automation fits and what it can't replace.

After this module you will

  • Describe the six phases of the NIST IR lifecycle and the SOC's role in each
  • Write a complete incident report that a CISO can act on and a regulator can audit
  • Build a post-incident lessons-learned document that drives detection and process improvements
  • Identify which SOC actions are SOAR-automatable and design approval gates for the rest
  • Hand off an incident cleanly from L1 to L2 to IR team

Module Quiz

Test your knowledge before moving on.

Take Quiz →