{"id":9631,"date":"2020-07-01T13:33:00","date_gmt":"2020-07-01T19:33:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/how-to-do-incident-response-triage-right\/"},"modified":"2025-03-19T09:47:31","modified_gmt":"2025-03-19T15:47:31","slug":"%ec%82%ac%ea%b3%a0-%eb%8c%80%ec%9d%91-%eb%b6%84%eb%a5%98%eb%a5%bc-%ec%98%ac%eb%b0%94%eb%a5%b4%ea%b2%8c-%ec%88%98%ed%96%89%ed%95%98%eb%8a%94-%eb%b0%a9%eb%b2%95","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/","title":{"rendered":"\uc0ac\uace0 \ub300\uc751 \ubd84\ub958\ub97c \uc62c\ubc14\ub974\uac8c \uc218\ud589\ud558\ub294 \ubc29\ubc95"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-f49668dca89a07af4c4bed27713f079b6839f643 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-f49668dca89a07af4c4bed27713f079b6839f643{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-3c02e72bbbdd27fbc2206a57dc520373f8b450b2 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Close-up of a cylindrical security sensor or camera mounted on a textured, grey slatted industrial wall.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png 800w, https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2-300x167.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2-768x428.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<div 
class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-6a13826d98ae006805bf00373c567a95c3c65a9a bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2020-07-01T13:33:00-06:00\">7\uc6d4 1, 2020<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">How to do Incident Response Triage Right<\/h1>\n\n\n<div class=\"bs-div bs-div-f106fb945b2c4610a440b9e5b4f63c0c1cbbec02 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/ko\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">3 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-050e6505c2b06c7ce9ca858e2f56661a365e6ba8 bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-b9d738473a055284b615b4f50be5a383dfe4cc38 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + 
decodeURIComponent('How%20to%20do%20Incident%20Response%20Triage%20Right').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fhow-to-do-incident-response-triage-right%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=How%20to%20do%20Incident%20Response%20Triage%20Right&url=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fhow-to-do-incident-response-triage-right%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 
39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fhow-to-do-incident-response-triage-right%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" 
href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fhow-to-do-incident-response-triage-right%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-5fcbee853797bef68c609dd2715f511e3ead78a3 bs-column---default bs-column--contents     \">\n<h2>\u00a0<\/h2>\n<p>Triage is the first post-detection incident response process any responder will execute to open an incident or false positive. Structuring an efficient and accurate incident response triage process will reduce analyst fatigue, reduce time to respond to and remediate incidents, and ensure that only valid alerts are promoted to \u201cinvestigation or incident\u201d status.<\/p>\n<p>Every part of the triage process must be performed with urgency, as every second counts when in the midst of a crisis. 
However, triage responders face the serious challenge of filtering an unwieldy input source into a condensed trickle of events. Here are some suggestions for expediting analysis before data is validated:<\/p>\n<ul>\n<li><strong>Organization:<\/strong> Reduce redundant analysis by developing a workflow that will assign tasks to responders. Avoid sharing an email box or email alias between multiple responders. Instead, use a workflow tool, like those in security orchestration, automation, and response (SOAR) solutions, to assign tasks. Implement a process to re-assign or reject tasks that are out of scope for triage.<\/li>\n<li><strong>Correlation:<\/strong> Use a tool such as a security information and event management (SIEM) to combine similar events. Link potentially connected events into one useful event.<\/li>\n<li><strong>Data Enrichment:<\/strong> Automate common queries your responders perform daily, such as reverse DNS lookups, threat intelligence lookups, and IP\/domain mapping. Add this data to the event record or make it easily accessible.<\/li>\n<\/ul>\n<p>Moving full speed ahead is the way to get through the initial incident response triage process, but a more detailed, measured approach is necessary during event verification. Presenting a robust case to be accurately evaluated by your security operations center (SOC) or cyber incident response team (CIRT) analysts is key. Here are a few tips for the verification:<\/p>\n<ul>\n<li><strong>Adjacent Data:<\/strong> Check the information adjacent to the event. For example, if an endpoint has a virus signature hit, look to see if there\u2019s evidence the virus is running before calling for further response metrics.<\/li>\n<li><strong>Intelligence Review:<\/strong> Understand the context around the intelligence. 
Just because an IP address was flagged as part of a botnet last week doesn\u2019t mean it still is part of a botnet today.<\/li>\n<li><strong>Initial Priority:<\/strong> Align with operational incident priorities and classify incidents appropriately. Make sure the right level of effort is applied to each incident.<\/li>\n<li><strong>Cross Analysis:<\/strong> Look for and analyze potentially shared keys, such as IP addresses or domain names, across multiple data sources for better data acuity.<\/li>\n<\/ul>\n<p>Once an event is verified, the event becomes an investigation or an incident. All incidents must then be investigated and tracked by your SOC or CIRT teams as defined in your investigation process.<\/p>\n<p>Swimlane\u2019s SOAR platform can automate most of the incident response triage process, including assigning workflow tasks and data enrichment. This provides your team with the context they need to complete further analysis. Additional steps in the incident response process, like threat intelligence lookups and remediation steps, can be automated as well. Using SOAR, you can significantly improve your security operations efficiency, while reducing risk and increasing threat protection.<\/p>\n<p>Want to see incident response triage automation in action? Watch our short <a href=\"https:\/\/swimlane.com\/resources\/automating-splunk-alert-triage-demo\/\">video<\/a>.<br \/>Ready for an in-depth look at the benefits of automating your triage and broader incident response processes? 
<a href=\"https:\/\/swimlane.com\/demo\/\">Schedule a personalized demo<\/a> with Swimlane and discover security solutions &#8220;Built by Analysts, for Analysts&#8221;.<\/p>\n<p>*Adapted from an existing <a href=\"https:\/\/swimlane.com\/news\/swimlane-acquires-syncurity\">Syncurity<\/a> blog post.<\/p>\n\n\n\n<div class=\"bs-div bs-div-04948e27873290ae1fdf63e32885bbbe853bc5b6 bs-div---default bs-div--blog-inner-download-guide\"><style>.bs-div.bs-div-04948e27873290ae1fdf63e32885bbbe853bc5b6 {background-image: url(https:\/\/swimlane.com\/wp-content\/uploads\/2022\/10\/download-report.png); background-position: center center;\n    background-size: cover;} <\/style><div class=\"bs-div__inner d-flex flex-wrap justify-content-center  flex-md-row-reverse align-items-md-center justify-content-md-between flex-md-nowrap  \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/Splunk-Alert-Triage-Video-Thumbnail.png' class='img-fluid'   alt='Use Case Splunk Alert Triage video thumbnail featuring integrations with VirusTotal and Symantec Endpoint Protection with geometric cube graphics.' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n\n<div class=\"bs-div bs-div-2aebcd1b2c11849d7c87d8462be32842b8c42b50 bs-div---default\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"h-automating-splunk-alert-triage-demo-4-11\">Automating Splunk Alert Triage Demo (4:11)<\/h2>\n\n\n\n<p class=\"has-white-color has-text-color\">This use case video demonstrates the automated triage of security alert data received from Splunk. 
In this demonstration, data is acquired by Splunk, enriched by VirusTotal, and then actions are taken via a Symantec Endpoint Protection integration if deemed malicious.<\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-3c4b379ff4b87b8ae3c2283c4ba11be6299699a7\"><style>.bs-pro-button-p-btn-3c4b379ff4b87b8ae3c2283c4ba11be6299699a7 .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/resources\/automating-splunk-alert-triage-demo\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Watch Now<\/a><\/span>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-4ffac197d945e44dadadc9d8f52ba4737135ba21 bs-column---default     \">\n<div class=\"bs-div bs-div-ffc71f24880cf5ca65c4a54e87fb14a656cc562d bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-69c461f15bb5fa3fc09d1aa73a0e5865005218ff bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d09f452b7b9 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/incident-response\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>6\uc6d4 6, 2023<\/span>\n    <\/div>\n    <div 
class=\"bs-post__title\">\n        <h5>What is Incident Response?<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d09f452d7d1 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/incident-response-platform\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>9\uc6d4 2, 2022<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Managing Security Alerts with an Incident Response Platform<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d09f452f110 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>9\uc6d4 20, 2017<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Automating cybersecurity incident response plans<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section 
bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) 
{\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); 
\n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":9632,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[69,70],"class_list":["post-9631","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","resource-type-blogs","blog-category-use-cases","blog-category-secops"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Incident Response Triage Process Automation<\/title>\n<meta name=\"description\" content=\"Triage responders face the serious challenge of filtering an unwieldy input source into a condensed trickle of events.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\ubd84\ub958\ub97c-\uc62c\ubc14\ub974\uac8c-\uc218\ud589\ud558\ub294-\ubc29\ubc95\/\" \/>\n<meta property=\"og:locale\" 
content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to do Incident Response Triage Right\" \/>\n<meta property=\"og:description\" content=\"Triage responders face the serious challenge of filtering an unwieldy input source into a condensed trickle of events.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\ubd84\ub958\ub97c-\uc62c\ubc14\ub974\uac8c-\uc218\ud589\ud558\ub294-\ubc29\ubc95\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-19T15:47:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"446\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data1\" content=\"4\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/\",\"url\":\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/\",\"name\":\"Incident Response Triage Process 
Automation\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/ko\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png\",\"datePublished\":\"2020-07-01T19:33:00+00:00\",\"dateModified\":\"2025-03-19T15:47:31+00:00\",\"description\":\"Triage responders face the serious challenge of filtering an unwieldy input source into a condensed trickle of events.\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png\",\"width\":800,\"height\":446,\"caption\":\"Close-up of a cylindrical security sensor or camera mounted on a textured, grey slatted industrial wall.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to do Incident Response Triage Right\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/ko\/#website\",\"url\":\"https:\/\/swimlane.com\/ko\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | 
Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/ko\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/ko\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/ko\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\/\/swimlane.com\/ko\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\uc0ac\uace0 \ub300\uc751 \ubd84\ub958 \ud504\ub85c\uc138\uc2a4 \uc790\ub3d9\ud654","description":"\uc751\uae09 \uc0c1\ud669 \ub300\uc751 \ub2f4\ub2f9\uc790\ub4e4\uc740 \ubc29\ub300\ud55c \uc785\ub825 \uc815\ubcf4\ub97c \uac78\ub7ec\ub0b4\uc5b4 \ud575\uc2ec\uc801\uc778 \uc0ac\uac74 \uc815\ubcf4\ub85c \uc815\ub9ac\ud574\uc57c \ud558\ub294 \uc2ec\uac01\ud55c \uacfc\uc81c\uc5d0 \uc9c1\uba74\ud574 \uc788\uc2b5\ub2c8\ub2e4.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\ubd84\ub958\ub97c-\uc62c\ubc14\ub974\uac8c-\uc218\ud589\ud558\ub294-\ubc29\ubc95\/","og_locale":"ko_KR","og_type":"article","og_title":"How to do Incident Response Triage Right","og_description":"Triage responders face the serious challenge of filtering an unwieldy input source into a condensed trickle of events.","og_url":"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\ubd84\ub958\ub97c-\uc62c\ubc14\ub974\uac8c-\uc218\ud589\ud558\ub294-\ubc29\ubc95\/","og_site_name":"AI Security Automation","article_modified_time":"2025-03-19T15:47:31+00:00","og_image":[{"width":800,"height":446,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"4\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/","url":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/","name":"\uc0ac\uace0 \ub300\uc751 \ubd84\ub958 \ud504\ub85c\uc138\uc2a4 
\uc790\ub3d9\ud654","isPartOf":{"@id":"https:\/\/swimlane.com\/ko\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png","datePublished":"2020-07-01T19:33:00+00:00","dateModified":"2025-03-19T15:47:31+00:00","description":"\uc751\uae09 \uc0c1\ud669 \ub300\uc751 \ub2f4\ub2f9\uc790\ub4e4\uc740 \ubc29\ub300\ud55c \uc785\ub825 \uc815\ubcf4\ub97c \uac78\ub7ec\ub0b4\uc5b4 \ud575\uc2ec\uc801\uc778 \uc0ac\uac74 \uc815\ubcf4\ub85c \uc815\ub9ac\ud574\uc57c \ud558\ub294 \uc2ec\uac01\ud55c \uacfc\uc81c\uc5d0 \uc9c1\uba74\ud574 \uc788\uc2b5\ub2c8\ub2e4.","breadcrumb":{"@id":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/How-do-to-Incident-Response-Triage-Right_2.png","width":800,"height":446,"caption":"Close-up of a cylindrical security sensor or camera mounted on a textured, grey slatted industrial wall."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/ko\/blog\/how-to-do-incident-response-triage-right\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"How to do Incident Response Triage 
Right"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/ko\/#website","url":"https:\/\/swimlane.com\/ko\/","name":"\ub85c\uc6b0\ucf54\ub4dc \ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f SOAR \ud50c\ub7ab\ud3fc | \uc2a4\uc714\ub808\uc778","description":"\ubaa8\ub4e0 \ubcf4\uc548 \uae30\ub2a5\uc744 \uc704\ud55c \uc5d0\uc774\uc804\ud2b8 \uae30\ubc18 AI \uc790\ub3d9\ud654","publisher":{"@id":"https:\/\/swimlane.com\/ko\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/ko\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/ko\/#organization","name":"\ub85c\uc6b0\ucf54\ub4dc \ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f SOAR \ud50c\ub7ab\ud3fc | \uc2a4\uc714\ub808\uc778","url":"https:\/\/swimlane.com\/ko\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | 
Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource\/9631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":0,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource\/9631\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/media\/9632"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/media?parent=9631"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/tags?post=9631"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-type?post=9631"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-topic?post=9631"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-industry?post=9631"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/blog-category?post=9631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}