SOC operations

Live analyst board.

Triage queue, on-shift load, and SLA performance — synchronized across all regional pods.

94.2% SLA met · 24h · 3 escalations open

Open alerts

31
-6.4% · 24h

Auto-resolved (24h)

284
+11.2% · 24h

Median triage time

3m 22s
-8% · 24h

Analysts on shift

14
3 pods · 5 regions

Queue

12

Unusual OAuth scope grant

medium

ALR-91212 · OktaCore

Bulk download · sharepoint

low

ALR-91210 · M365

Stale credential reuse

low

ALR-91207 · IAM

Triage

7

Process hollowing on fin-db-prod-04

critical

ALR-91204 · CrowdLens

Egress to unsanctioned ASN

high

ALR-91197 · GuardWatch

In Progress

9

Impossible travel · svc-account-build

high

ALR-91182 · OktaCore

Privileged exec in k8s-payments

medium

ALR-91175 · Lens-Q

DNS tunneling pattern · edge-pop-sgp

medium

ALR-91168 · NetScope

Escalated

3

Token theft · Salesforce surface

critical

INC-4471 · IR Bridge

Active alerts

| ID | Severity | Rule | Asset | Source | Age | Owner |
|---|---|---|---|---|---|---|
| ALR-91204 | critical | Process Hollowing detected | fin-db-prod-04 | EDR · CrowdLens | 2m | L. Okonkwo |
| ALR-91197 | high | Egress to unsanctioned ASN | vpc-eu-w-2 | Cloud · GuardWatch | 7m | Unassigned |
| ALR-91182 | high | Impossible travel · 4 hops | svc-account-build | Identity · OktaCore | 12m | K. Marchetti |
| ALR-91175 | medium | Unusual privileged exec | k8s-payments | SIEM · Lens-Q | 18m | L. Okonkwo |
| ALR-91168 | medium | DNS tunneling pattern | edge-pop-sgp | Network · NetScope | 26m | S. Berenson |
| ALR-91161 | low | Lookalike domain spoof | exec-mailbox | Email · Inkwell | 41m | K. Marchetti |

On-shift roster

  • L. Okonkwo · Tier-3 Hunter · Load 7
  • K. Marchetti · Tier-2 Analyst · Load 4
  • S. Berenson · Tier-2 Analyst · Load 5
  • R. Hayashi · Tier-1 Triage · Load 9
  • P. Devereux · IR Lead · Load 2

P1 SLA

98.4%

P2 SLA

94.7%

Response performance

Time-to-acknowledge · trailing 30d