T1Tier 1 Analyst
- Receive alert
- Review WHY Critical
- Capture evidence snapshot
- Track SLA
- Create case draft
Unified SIEM, incident workflow, evidence, response, audit
Professional SOC Analyst Platform
A role-aware command center for monitoring alerts, proving why incidents are critical, coordinating tier handoff, and recording every decision.
SOC Command CenterDecision-first + Smart response
12 Jun 202614:35 ICTExecutive mode
SIEMLiveEDRlate 42mWAFLiveFirewallLiveDNSLiveCloudLiveHoneypotLive
Critical18+6
High43+11
Action now9now
Sources32/3786%
MTTD00:07:32-18%
MTTR00:42:18-12%
Role flow + executive mode
One evidence set, different views for analyst, supervisor, admin, and leadership.
T2Tier 2 Analyst
- Accept handoff
- Validate AI next action
- Approve response
- Block / isolate / escalate
- Update timeline
SLSupervisor / SOC Lead
- Monitor source freshness
- Watch queue load
- Review SLA risk
- Confirm handoff quality
- Summarize decision log
ADAdmin / DPO
- Manage RBAC
- Enforce MFA
- Govern PDPA
- Review consent
- Audit trail
EXExecutive Mode
- Current risk level
- Business impact
- SLA remaining
- Current owner
- Response status
Functional architecture
Sources to analysis to response to reporting, tuned for live SOC operations.
L1Sources
SIEM, WAF, EDR, Firewall, DNS, Cloud, Honeypot
L2Ingest / normalize
Poll, deduplicate, validate, and standardize events
L3Correlation + enrichment
IOC, GeoIP, MITRE, threat intelligence
L4Decision engine
WHY Critical, SLA, evidence, owner, next action
L5Case + response
Draft case, isolate, escalate, timeline, decision log
L6Presentation
Dashboard view, executive mode, reporting and tuning
Operational workflow
Alert handling from freshness check to decision log and learning loop.
1Source freshness check
2Alert ingest & correlation
3WHY Critical engine
4Evidence snapshot
5SLA countdown
6Owner & handoff
7Recommended next action
8One-click case draft
9Response decision
10Incident timeline + decision log