Post last modified: June 12, 2024

What is the time to investigate (TTI)?

  • The time it takes to determine if an alert is a true positive or false positive
  • The time it takes a security analyst to fully inspect and qualify an alert
  • The time that passes from when the SOC technical platform creates an alert to when an analyst acknowledges detection and begins working on the alert
  • The time it takes to triage an alert

Explanation & Hint:

The Time to Investigate (TTI) generally refers to:

  • The time it takes a security analyst to fully inspect and qualify an alert. This encompasses the period from when an alert is generated until the analyst has completed their investigation of the alert to determine its nature and whether it represents a real threat (true positive) or not (false positive).

It can also relate to:

  • The time that passes from when the SOC technical platform creates an alert to when an analyst acknowledges detection and begins working on the alert. This definition emphasizes the initial acknowledgment and commencement of the investigation process.

TTI is a key performance indicator in security operations, as it reflects the efficiency and effectiveness of the incident response process. A shorter TTI means that potential security incidents are being addressed more quickly, which is crucial in mitigating threats and reducing the impact of attacks.

For more Questions and Answers:

Threat Investigation Post-Assessment | CBROPS
