A SOC analyst monitors systems, networks, and logs to detect suspicious activity before it becomes a security incident.
Security logs from servers, endpoints, and firewalls are analyzed for anomalies such as failed or unauthorized logins, unexpected privilege changes, and unusual traffic patterns (for example, internal hosts reaching destinations they have never contacted before).
SIEM platforms collect, normalize, and correlate events from multiple sources so that patterns invisible in any single log, such as a burst of failed logins followed by a success from the same address, stand out as a single alert.
Analysts also compare activity against indicators of compromise (IOCs): known malicious IPs, domains, and attack signatures. IOC matching only catches threats that have already been seen, so it complements rather than replaces anomaly- and behaviour-based detection, and every match still has to be triaged to rule out false positives.
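The following is an added example, not part of the original text, showing the two detection approaches described above in miniature: normalizing log lines from several sources into a common schema, matching them against a threat-intel list of bad IPs and domains, and a correlation rule that fires only when repeated SSH failures from one address are followed by a successful login within a time window. The log lines, their format, the threat-intel entries, and the threshold values are all constructed for the example and are not real vendor formats or a real feed.

```python
"""Toy SIEM-style detection over constructed log lines (standard library only).

Everything below (log format, sample lines, IOC lists, thresholds) is made up
for illustration; real deployments ingest vendor-specific formats and
threat-intel feeds.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from three sources: firewall, sshd, DNS resolver.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 fw  ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:02 ssh FAILED user=root src=203.0.113.7",
    "2024-05-01T10:00:04 ssh FAILED user=admin src=203.0.113.7",
    "2024-05-01T10:00:06 ssh FAILED user=alice src=203.0.113.7",
    "2024-05-01T10:00:07 ssh FAILED user=bob src=203.0.113.7",
    "2024-05-01T10:00:09 ssh FAILED user=deploy src=203.0.113.7",
    "2024-05-01T10:00:20 ssh ACCEPTED user=deploy src=203.0.113.7",
    "2024-05-01T10:05:00 dns query host=10.0.0.5 name=updates.example.net",
    "2024-05-01T10:05:03 dns query host=10.0.0.5 name=c2.bad-example.org",
    "2024-05-01T10:06:00 ssh FAILED user=alice src=198.51.100.4",  # one typo, then success
    "2024-05-01T10:06:30 ssh ACCEPTED user=alice src=198.51.100.4",
    "2024-05-01T10:07:00 fw  DENY src=192.0.2.66 dst=10.0.0.5 dport=445",
]

# Constructed threat-intel "feed" (indicators of compromise).
BAD_IPS = {"192.0.2.66"}
BAD_DOMAINS = {"c2.bad-example.org"}

# Hypothetical line layout: "<ISO timestamp> <source> <action> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+)\s+(?P<action>\w+) (?P<kv>.*)$")


def parse_events(lines):
    """Normalize heterogeneous lines into dicts sharing ts/source/action keys."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # in production, count and alert on unparseable lines too
        ev = {"ts": datetime.fromisoformat(m["ts"]),
              "source": m["source"], "action": m["action"]}
        ev.update(dict(kv.split("=", 1) for kv in m["kv"].split()))
        events.append(ev)
    return events


def match_iocs(events, bad_ips, bad_domains):
    """Rule 1: any event that touches a known-bad IP or resolves a known-bad domain."""
    alerts = []
    for ev in events:
        ips = {ev.get("src"), ev.get("dst"), ev.get("host")} & bad_ips
        if ips:
            alerts.append({"rule": "ioc_ip", "ts": ev["ts"], "indicator": ips.pop()})
        if ev.get("name") in bad_domains:
            alerts.append({"rule": "ioc_domain", "ts": ev["ts"],
                           "indicator": ev["name"], "host": ev.get("host")})
    return alerts


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Rule 2: >= threshold SSH failures from one source, then a success within window.

    A single failure followed by a success (a user mistyping a password) does
    not reach the threshold and produces no alert. Assumes events are time-ordered.
    """
    failures = defaultdict(list)  # src -> timestamps of failed logins
    alerts = []
    for ev in events:
        if ev["source"] != "ssh":
            continue
        src = ev["src"]
        if ev["action"] == "FAILED":
            failures[src].append(ev["ts"])
        elif ev["action"] == "ACCEPTED":
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "ssh_bruteforce_success", "ts": ev["ts"],
                               "src": src, "user": ev["user"], "failures": len(recent)})
            failures[src].clear()  # successful login resets the counter
    return alerts


def run_detections(lines, bad_ips=BAD_IPS, bad_domains=BAD_DOMAINS):
    """Parse, sort by time, and run both rules; returns a list of alert dicts."""
    events = sorted(parse_events(lines), key=lambda e: e["ts"])
    return match_iocs(events, bad_ips, bad_domains) + detect_brute_force(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOGS):
        print(alert)
```

Run against the constructed lines, the IOC rule flags the DNS lookup of `c2.bad-example.org` and the denied connection from `192.0.2.66`, and the correlation rule flags `203.0.113.7` (five failures, then a successful `deploy` login) while ignoring `198.51.100.4`, whose single failure is ordinary user error. Raising the threshold or shrinking the window trades missed detections for fewer false positives; the right values depend on the environment's baseline, which is exactly what an analyst tunes.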