Skill UI

This playbook guides Security Operations Center (SOC) analysts through a comprehensive, multi-step process for triaging and prioritizing security incidents. It covers receiving alerts from SIEM/EDR, enriching data using threat intelligence feeds (VirusTotal, AbuseIPDB), classifying the incident type (MITRE ATT&CK mapping), and calculating a severity score based on asset criticality and data sensitivity. The workflow culminates in automating ticket creation and triggering immediate response procedures via tools like PagerDuty.