Sample SOC Standard Operating Procedures

The Sample SOC Standard Operating Procedure (SoP) outlines the roles, responsibilities, and processes for Security Operations Center (SOC) operations, including 24x7 monitoring and incident response. It details the incident lifecycle, classification, investigation process, escalation protocol, and post-incident activities, along with tools and technologies used in SOC. Additionally, it emphasizes compliance mapping to relevant standards such as NIST 800-61 and ISO/IEC 27035.

Uploaded by

home dial

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

100% found this document useful (2 votes)

2K views2 pages

Sample SOC Standard Operating Procedures

Uploaded by

home dial

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 2

Sample SOC Standard Operating Procedure (SoP)

📘 1. Introduction
• Purpose: Define roles, responsibilities, and processes for SOC operations.
• Scope: Covers 24x7 monitoring, incident detection, response, and
escalation.
• Audience: SOC analysts, incident responders, management, IT, compliance
teams.

2. SOC Roles & Responsibilities

Role Responsibility
Tier 1 Analyst Monitor alerts, triage incidents, escalate as needed
Tier 2 Analyst Investigate escalated incidents, perform threat hunting
Tier 3 / IR Lead incident response, coordinate with stakeholders
SOC Manager Oversee operations, reporting, and team performance

🚦 3. Incident Lifecycle & Classification

Incident Categories:
• Unauthorized access
• Malware detection
• Insider threat
• DoS/DDoS attacks
• Data exfiltration
Severity Levels:
Severity Description Response Time
Critical Active breach/data loss Immediate
High Threat detected with impact <30 mins
Medium Suspicious behavior <4 hours
Low Informational Next business day

📡 4. Detection & Monitoring

• Use [SIEM tool] for real-time log analysis.
• Set up correlation rules for known threat patterns.
• Integrate threat intelligence feeds.

🔍 5. Investigation Process
1. Validate the alert (false positive check).
2. Correlate with logs (firewall, EDR, proxy, etc.).
3. Check for known indicators of compromise (IOCs).
4. Assign severity and document findings.

📈 6. Escalation Protocol
• Tier 1 ➡ Tier 2 ➡ Tier 3 ➡ CISO or IR team
• Use internal ticketing (e.g., ServiceNow/JIRA)
• Notify stakeholders via email/chat for critical incidents.

🧪 7. Containment & Eradication

• Isolate affected endpoints
• Revoke compromised accounts
• Remove malware using EDR/AV tools
• Patch vulnerabilities

🧾 8. Post-Incident Activities
• Root Cause Analysis (RCA)
• Lessons learned workshop
• Update detection rules/playbooks
• Submit incident report (within 24-72 hours)

9. Shift Handover Process

• Daily briefing: key incidents, pending investigations
• Use handover template with:
○ Ongoing tickets
○ Critical system status
○ Upcoming maintenance

🧰 10. Tools & Technologies

• SIEM: [Splunk / QRadar / Sentinel]
• SOAR: [Cortex XSOAR / IBM Resilient]
• Threat Intel: [AlienVault OTX / MISP]
• EDR/XDR: [CrowdStrike / SentinelOne]

🧾 11. Documentation & Reporting

• Incident logbook
• Daily summary reports
• Weekly trend dashboards
• Compliance logs (for audits)

12. Compliance Mapping (Optional)

Map each SoP element to:
• NIST 800-61
• ISO/IEC 27035
• MITRE ATT&CK tactics

Standard Operating Procedure
No ratings yet
Standard Operating Procedure
4 pages
Final MSIS Paper
No ratings yet
Final MSIS Paper
8 pages
ITWorks SOC Design Report (Template)
No ratings yet
ITWorks SOC Design Report (Template)
24 pages
General Requirement For The Effective Working of SOC
No ratings yet
General Requirement For The Effective Working of SOC
7 pages
Building an Effective Security Operations Center
No ratings yet
Building an Effective Security Operations Center
11 pages
SOC Manager Handbook: Essential Guide
No ratings yet
SOC Manager Handbook: Essential Guide
16 pages
SOC Analyst L3 Job Description and Skills
No ratings yet
SOC Analyst L3 Job Description and Skills
2 pages
SOC Analyst - Monthly Report Assessment
100% (1)
SOC Analyst - Monthly Report Assessment
5 pages
SOC Insights for Aspiring Analysts
No ratings yet
SOC Insights for Aspiring Analysts
10 pages
Alert Analysis L1 External
No ratings yet
Alert Analysis L1 External
7 pages
Purpose of a Security Incident Response Plan
No ratings yet
Purpose of a Security Incident Response Plan
4 pages
SANS 504: What Is Incident Handling ?
No ratings yet
SANS 504: What Is Incident Handling ?
22 pages
All About SOC (Security Operation Centers)
No ratings yet
All About SOC (Security Operation Centers)
37 pages
Microsoft 365 Business Premium Features
No ratings yet
Microsoft 365 Business Premium Features
1 page
Security Operation Center Concepts Implementation
No ratings yet
Security Operation Center Concepts Implementation
30 pages
Understanding Security Operations Centers
No ratings yet
Understanding Security Operations Centers
2 pages
Ec Council Certified Soc Analyst Module 4 - SIEM - Short & Detailed Teaching Guide
No ratings yet
Ec Council Certified Soc Analyst Module 4 - SIEM - Short & Detailed Teaching Guide
24 pages
QRadar SIEM and Palo Alto Approved
No ratings yet
QRadar SIEM and Palo Alto Approved
13 pages
Windows SIEM Use Cases and Scenarios
No ratings yet
Windows SIEM Use Cases and Scenarios
86 pages
Understanding Security Operations Centers
No ratings yet
Understanding Security Operations Centers
3 pages
Sophos Email Ds
No ratings yet
Sophos Email Ds
2 pages
Crowdstrike SIEM Connector V1
No ratings yet
Crowdstrike SIEM Connector V1
17 pages
Soc Analyst
No ratings yet
Soc Analyst
30 pages
SOC Manager Job Description
No ratings yet
SOC Manager Job Description
2 pages
SOC Fundamentals 1736729960
No ratings yet
SOC Fundamentals 1736729960
18 pages
Proposal Template
No ratings yet
Proposal Template
3 pages
Foreman Implementing A Security Operations Center PDF
No ratings yet
Foreman Implementing A Security Operations Center PDF
4 pages
Security Operation Center
100% (2)
Security Operation Center
57 pages
Cybersecurity Incident Response Playbooks
No ratings yet
Cybersecurity Incident Response Playbooks
1 page
27 Use Cases of Suricata IDS For Insider Threat Detection 1728476633
No ratings yet
27 Use Cases of Suricata IDS For Insider Threat Detection 1728476633
35 pages
NOAA Data Protection Strategy
No ratings yet
NOAA Data Protection Strategy
9 pages
Cisco Talos Incident Response Overview
No ratings yet
Cisco Talos Incident Response Overview
2 pages
The Use Cases Are Critical To Identifying Any of The Early
No ratings yet
The Use Cases Are Critical To Identifying Any of The Early
10 pages
SOC Analyst
No ratings yet
SOC Analyst
4 pages
2025 Cybersecurity Attacs Playbook
No ratings yet
2025 Cybersecurity Attacs Playbook
81 pages
Module 01 Security Operations and Management
No ratings yet
Module 01 Security Operations and Management
14 pages
200 SIEM Use Cases For SOC Analyst L1
No ratings yet
200 SIEM Use Cases For SOC Analyst L1
5 pages
Zero Trust PDF
No ratings yet
Zero Trust PDF
19 pages
SOC Analyst Expertise Overview
No ratings yet
SOC Analyst Expertise Overview
2 pages
500++ SIEM Use Cases With Categories
No ratings yet
500++ SIEM Use Cases With Categories
20 pages
SOC Structure and Key Functions Explained
No ratings yet
SOC Structure and Key Functions Explained
1 page
A Framerwork of SOC
50% (2)
A Framerwork of SOC
11 pages
TryHackMe Intro To Defensive Security
No ratings yet
TryHackMe Intro To Defensive Security
1 page
Incident Response and Playbooks
No ratings yet
Incident Response and Playbooks
10 pages
Soc-Cmm 2.2 - Basic
No ratings yet
Soc-Cmm 2.2 - Basic
482 pages
SOC Engineer Training Guide
50% (2)
SOC Engineer Training Guide
3 pages
04 SOC Processes
100% (1)
04 SOC Processes
30 pages
AlienVault Installation Guide
No ratings yet
AlienVault Installation Guide
57 pages
NIST Cybersecurity Framework Overview
No ratings yet
NIST Cybersecurity Framework Overview
36 pages
DarktraceReport2022-04-01T05 00 00 2022-05-01T04 59 00
No ratings yet
DarktraceReport2022-04-01T05 00 00 2022-05-01T04 59 00
69 pages
Incident Response for IT Managers
No ratings yet
Incident Response for IT Managers
34 pages
QRadar SIEM Level 2 Quiz Results
No ratings yet
QRadar SIEM Level 2 Quiz Results
12 pages
Soc-Cmm 2.3.4 - Basic
No ratings yet
Soc-Cmm 2.3.4 - Basic
721 pages
Soc CMM in Categories
No ratings yet
Soc CMM in Categories
20 pages
En CCNAS v11 Ch05
No ratings yet
En CCNAS v11 Ch05
102 pages
Ec Council Certified Soc Analyst - Module 1 - Security Operations and Management
No ratings yet
Ec Council Certified Soc Analyst - Module 1 - Security Operations and Management
15 pages
A Security Operations Center (SOC)
No ratings yet
A Security Operations Center (SOC)
3 pages
SOC Checklist
No ratings yet
SOC Checklist
2 pages
Soc 1683590801
No ratings yet
Soc 1683590801
1 page
SOC Strategies for IT Security
No ratings yet
SOC Strategies for IT Security
12 pages
The Wildlife of Burundi
No ratings yet
The Wildlife of Burundi
3 pages
22 Animals of Colombia Research
No ratings yet
22 Animals of Colombia Research
5 pages
Migration Patterns of Salmons
No ratings yet
Migration Patterns of Salmons
2 pages
Migration Patterns of Whales
No ratings yet
Migration Patterns of Whales
2 pages
Migration Patterns of Geese
No ratings yet
Migration Patterns of Geese
5 pages
Traditional, Generative and Agentic AI
No ratings yet
Traditional, Generative and Agentic AI
1 page
Elephant Care in Kerala Research Paper
No ratings yet
Elephant Care in Kerala Research Paper
2 pages
Cat Breeding Essentials Guide
No ratings yet
Cat Breeding Essentials Guide
1 page
What Is Cyber Security? Definition & Best Practices
No ratings yet
What Is Cyber Security? Definition & Best Practices
7 pages
Btech Cybersecurity
No ratings yet
Btech Cybersecurity
1 page
Phishing Attack Pentesting Guide
No ratings yet
Phishing Attack Pentesting Guide
24 pages
Technical Note FORTIMAIL Configuration For Enterprise Deployment Rev 2.1
No ratings yet
Technical Note FORTIMAIL Configuration For Enterprise Deployment Rev 2.1
11 pages
Cyber Incident Response Plan Te
No ratings yet
Cyber Incident Response Plan Te
43 pages
ravaत किस्मत बदल देते हैं रावण संहिता के ये 10 तांत्रिक उपाय Patrika Hindi News
No ratings yet
ravaत किस्मत बदल देते हैं रावण संहिता के ये 10 तांत्रिक उपाय Patrika Hindi News
12 pages
2021 Q3 Financial Services Industry Threat Landscape Report
No ratings yet
2021 Q3 Financial Services Industry Threat Landscape Report
20 pages
Ethical Hacking: Understanding Vulnerabilities
No ratings yet
Ethical Hacking: Understanding Vulnerabilities
19 pages
Calapan Voter List: Precinct 0013A
No ratings yet
Calapan Voter List: Precinct 0013A
64 pages
Understanding Pretexting in Social Engineering
No ratings yet
Understanding Pretexting in Social Engineering
2 pages
Access Control Essentials
No ratings yet
Access Control Essentials
10 pages
Computer Security: CIA Triad & Risks
No ratings yet
Computer Security: CIA Triad & Risks
11 pages
Cybersecurity Conference Agenda 2012
No ratings yet
Cybersecurity Conference Agenda 2012
3 pages
10 Virus and Antivirus Worksheet Answers
No ratings yet
10 Virus and Antivirus Worksheet Answers
4 pages
CEH & CHFI Exam Blueprint Guide
No ratings yet
CEH & CHFI Exam Blueprint Guide
10 pages
Mohamed Ewies CV-3
No ratings yet
Mohamed Ewies CV-3
1 page
Co1 Mil Legal
No ratings yet
Co1 Mil Legal
36 pages
Mandiant M Trends Executive Edition 2024
No ratings yet
Mandiant M Trends Executive Edition 2024
6 pages
Penetration Testing Characteristics Explained
No ratings yet
Penetration Testing Characteristics Explained
12 pages
Securing IoT Against Cyber Threats
100% (1)
Securing IoT Against Cyber Threats
2 pages
Corporate Email Usage Guide
No ratings yet
Corporate Email Usage Guide
3 pages
Empowerment Technologies Week 3
No ratings yet
Empowerment Technologies Week 3
45 pages
Module 1
No ratings yet
Module 1
38 pages
ETE INT250 - Digital Evidence Analysis Question Paper
No ratings yet
ETE INT250 - Digital Evidence Analysis Question Paper
3 pages
SY0-701 Practice Questions & Answers
100% (1)
SY0-701 Practice Questions & Answers
52 pages
Phishing Emails Analysis
No ratings yet
Phishing Emails Analysis
17 pages
Ethical Hacking
No ratings yet
Ethical Hacking
6 pages
ICDL IT Security
100% (1)
ICDL IT Security
62 pages
Certified List of Candidates: Cavite - City of General Trias Cavite - City of General Trias
No ratings yet
Certified List of Candidates: Cavite - City of General Trias Cavite - City of General Trias
2 pages
CompTIA Security+ Guide To Network Security Fundamentals 5th Edition Test Bank
No ratings yet
CompTIA Security+ Guide To Network Security Fundamentals 5th Edition Test Bank
9 pages