← soc analyst
Take Quiz →
IR Lifecycle, Reporting & SOAR Handoff
intermediate 3h
Own the full SOC output lifecycle — from alert to incident ticket to stakeholder report to lessons-learned — and understand where SOAR automation fits and what it can't replace.
After this module you will
- › Describe the six phases of the NIST IR lifecycle and the SOC's role in each
- › Write a complete incident report that a CISO can act on and a regulator can audit
- › Build a post-incident lessons-learned document that drives detection and process improvements
- › Identify which SOC actions are SOAR-automatable and design approval gates for the rest
- › Hand off an incident cleanly from L1 to L2 to IR team
Lessons
1 The NIST IR Lifecycle — Six Phases and SOC Ownership
20 min 2 Incident Report Writing — For Every Audience
25 min 3 Post-Incident Lessons Learned — From Incident to Improvement
20 min 4 SOAR Design — Automating the Right Things
20 min 5 SOC Metrics and Reporting — Measuring What Matters
20 min Module Quiz
Test your knowledge before moving on.