As you move into a senior (Level 2) analyst role, the scope of your responsibilities shifts. Technical alert triage is still part of the job, but your findings now need to reach people beyond the SOC, through formal case reports. This room explores the report writing skills that make you effective at the Level 2 role and beyond.
Learning Objectives
- Understand the purpose and value of professional reports
- Explore SOC report templates for various target audiences
- Learn how AI helps with report writing, and what the pitfalls are
- Practice the acquired knowledge in two interactive simulations
Type: Walkthrough
Role: SOC Analyst
Difficulty: Medium
Link: https://tryhackme.com/room/reportwritingsocl2

L1 vs L2 Communication
Which SOC tier, L1 or L2, bridges the SOC and the outside world?
L2
What do L2 analysts write to summarize SOC findings (one word)?
Reports
Leadership Communication

Should you complete the analysis after sharing the initial SOC report? (Yea/Nay)
Yea
Should you keep your team informed about the ongoing communication? (Yea/Nay)
Yes
What flag did you receive after completing the task's challenge?
thm{executivE_summAry_ApprovEd}
SOC/DFIR Communication
Are L2 handover notes meant for a non-technical audience? (Yea/Nay)
yea
What part of the handover notes lists your findings chronologically?
Attack Timeline
What flag did you receive after completing the task's challenge?
thm{trysAvemE_would_bE_proud}
Responsible AI Usage

What should you provide in the AI prompt to get the best reports?
Context
Should you fully rely on GenAI for critical decision making? (Yea/Nay)
no
Conclusion
Communication becomes more critical as you move up to L2 and beyond. Even if you are a security expert, the employees and customers you protect can't act without clear, simple guidance from you. Don't underestimate report writing, as it is a core skill for L2 and further leadership roles. Also, if you plan to take the SAL2 exam, check out the section below.
Thank you for reading.