Quote:
Originally Posted by Unregistered
Are all SOCs like that?
SOC is mainly waiting for alerts and doing incident response (could include cyber threat attribution, forensics for in-house SOC, not those third-party MSSPs).
If there are alerts, it means busy; no alerts means waiting for the shift to be over. That's pretty much the nature of shift work.