Analyst Guide

Analysts in Energy SOAR work through two primary views. The Alerts list shows incoming events from all connected sources. Each alert can be triaged, ignored, or promoted directly to a case. The Cases workspace holds the full investigation: tasks, observables, timeline, analyst notes, and attachments.

This chapter follows the investigation workflow from start to finish. It covers alert triage and case creation, then goes deeper into each part of the case interface. The Dashboard and Reports pages cover summary views and data exports. The Workflows page explains how to trigger automated response playbooks from within a case.

• Alerts
• Cases
• Tasks
• Search
• Dashboard
• Live stream
• Reports
• Workflows