SOC Analyst Playbook

How SOC teams can use Canoma for rapid triage and investigation acceleration.

Use this playbook when you need fast, evidence-backed triage and clear handoffs to investigation owners.

Core SOC Workflows

Triage and Validation

  1. Validate emerging threat claims against supporting evidence.
  2. Identify the likely TTP mapping (MITRE ATT&CK techniques).

Investigation Acceleration

  1. Build immediate hunt pivots from IOCs.
  2. Produce remediation and communication notes.

SOC Query Pattern

Example natural-language query (not a shell command):

    Investigate CVE-2025-XXXX for active exploitation signals. Return likely initial access and persistence techniques, plus IOC pivots for hunting in SIEM.

Expected Deliverables

Immediate Outputs

  • Summary and urgency framing.
  • Supporting references.
  • Timeline hints and related incidents.
  • IOC extraction candidates.

Follow-Up Actions

  • Assign an owner for each IOC hunt pivot.
  • Confirm top claims against internal telemetry.
  • Capture unresolved assumptions before handoff.
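The chain described above (extract IOC candidates from a triage summary, build one hunt pivot per indicator, assign an owner to each pivot, and capture unresolved assumptions in the handoff) as an added Python example. This is not Canoma's own code and not part of this playbook: the sample summary, the Splunk-style query templates, the owner mapping and the HuntPivot record are all constructed assumptions, and the indicators in the sample are reserved documentation values, not real IOCs.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample of the narrative a triage query might return. Every
# indicator in it is made up for this example: 198.51.100.0/24 is an RFC 5737
# documentation range, example.com is reserved, and the hash is a filler pattern.
SAMPLE_SUMMARY = """
Actor reportedly gained initial access through a vulnerable edge appliance,
then established persistence with a scheduled task. Observed C2 at
198.51.100[.]23 and hxxp://updates.example[.]com/check. Dropped loader SHA256
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef.
"""

# Illustrative Splunk-style search templates (an assumption; adapt index and
# field names to whatever SIEM the team actually runs).
PIVOT_TEMPLATES = {
    "ipv4": 'index=network (src_ip="{ioc}" OR dest_ip="{ioc}")',
    "domain": 'index=dns query="{ioc}"',
    "url": 'index=proxy url="{ioc}"',
    "sha256": 'index=endpoint file_hash="{ioc}"',
}

# Hypothetical owner mapping per indicator type; "unassigned" marks a gap
# that must be closed before handoff.
DEFAULT_OWNERS = {"ipv4": "netsec-oncall", "domain": "netsec-oncall",
                  "url": "proxy-team", "sha256": "edr-team"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass
class HuntPivot:
    ioc_type: str
    ioc: str
    query: str
    owner: str
    status: str = "unconfirmed"  # updated once checked against internal telemetry


def refang(text: str) -> str:
    """Undo common defanging so indicators are usable as-is in queries."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    text = re.sub(r"\[:\]", ":", text)
    return re.sub(r"(?i)hxxp", "http", text)


def extract_iocs(text: str) -> dict:
    """Return deduplicated indicator candidates by type, in order of first appearance."""
    clean = refang(text)
    urls = list(dict.fromkeys(u.rstrip(".,;:)") for u in URL_RE.findall(clean)))
    hosts = [h for h in (urlparse(u).hostname for u in urls) if h]
    domains = [d for d in dict.fromkeys(hosts + DOMAIN_RE.findall(clean))
               if not IPV4_RE.fullmatch(d)]
    return {
        "ipv4": list(dict.fromkeys(IPV4_RE.findall(clean))),
        "domain": domains,
        "url": urls,
        "sha256": list(dict.fromkeys(h.lower() for h in SHA256_RE.findall(clean))),
    }


def build_pivots(iocs: dict, owners: dict = DEFAULT_OWNERS) -> list:
    """One hunt pivot per indicator, each with a query string and a named owner."""
    pivots = []
    for ioc_type, values in iocs.items():
        for ioc in values:
            pivots.append(HuntPivot(
                ioc_type=ioc_type, ioc=ioc,
                query=PIVOT_TEMPLATES[ioc_type].format(ioc=ioc),
                owner=owners.get(ioc_type, "unassigned"),
            ))
    return pivots


def handoff_note(pivots: list, assumptions: list) -> str:
    """Handoff text: every pivot with owner and status, then the open assumptions."""
    lines = ["Hunt pivots:"]
    for p in pivots:
        lines.append(f"  [{p.status}] {p.ioc_type} {p.ioc} -> owner={p.owner}  query: {p.query}")
    unowned = [p for p in pivots if p.owner == "unassigned"]
    if unowned:
        lines.append(f"BLOCKER: {len(unowned)} pivot(s) have no owner.")
    lines.append("Unresolved assumptions:")
    if assumptions:
        lines.extend(f"  - {a}" for a in assumptions)
    else:
        lines.append("  - none recorded")
    return "\n".join(lines)


if __name__ == "__main__":
    pivots = build_pivots(extract_iocs(SAMPLE_SUMMARY))
    print(handoff_note(pivots, [
        "Initial access vector (edge appliance) not yet confirmed in our telemetry",
        "Scheduled-task persistence claim comes from a single external report",
    ]))
```

Every pivot starts as "unconfirmed" and stays that way until the owner has run the query against internal telemetry, which keeps the handoff honest about what is a claim and what has been observed; a pivot without an owner is surfaced as a blocker rather than silently dropped.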