Alert Triage
Origin Watchtower: Tier-1 Signal Discipline
A guided alert lab that teaches repeatable triage for noisy SOC queues, with decision trees tied to realistic vendor telemetry.
- Duration: 3 weeks · async + 2 live clinics
- Format: Cohort with mentor review
- Price (KRW): ₩420,000
- Filters: Foundations · Short bursts
Overview
Participants rotate through a synthetic queue where each alert bundles context windows, asset criticality, and analyst notes. The emphasis is on writing concise disposition statements and escalating with evidence, not memorizing vendor defaults.
What is included
- ✓ Queue simulator with randomized alert bundles
- ✓ Rubric-based peer review on dispositions
- ✓ Escalation packet templates for handoffs
- ✓ SIEM pivot drills with saved searches
- ✓ Weekly office hours with instructor feedback
- ✓ Scenario replay with annotated timelines
- ✓ Exportable triage checklist for your team wiki
Outcomes
1. Produce consistent triage notes your shift can trust
2. Reduce duplicate escalations through structured checks
3. Document decisions in a way audits can follow
Lead facilitator
Hana Sorell
Lead SOC instructor focused on analyst coaching and measurable queue hygiene.
FAQ
We teach vendor-agnostic triage mechanics. Vendor-specific labs are illustrative; your team maps the same steps to your stack.
Participant notes
“The Origin Watchtower queue forced me to write dispositions I would actually ship. The rubric caught vague language I did not notice before.”
“Clear pacing. I liked that escalations required a packet, not a chat ping.”