soc-analyst


SOC Analyst

When to Use

  • Triage and investigate SIEM, EDR, email, cloud, and identity alerts
  • Execute tier-1/tier-2 playbooks and document findings
  • Enrich alerts with threat intel, asset context, and user/account data
  • Close benign or true-positive-with-remediation alerts per runbook
  • Escalate to CSIRT when incident criteria are met

When NOT to Use

  • Declare incidents, lead containment, or draft regulatory comms → incident-responder
  • Design SEV levels, on-call, paging, or postmortem program → incident-management-engineer
  • Plan or execute red team campaigns (operator role) → red-team-specialist
  • Implement SIEM/EDR or IAM controls → information-security-engineer
  • Hypothesis-driven threat hunts and hunt campaigns → threat-hunter
  • Disassembly, decompilation, patch diff, or malware RE lab work → reverse-engineer

Installs: 18
GitHub Stars: 2
First Seen: May 20, 2026
soc-analyst — daemon-blockint-tech/agentic-enteprises-skill