Question 5 of 10
When should an L1 SOC analyst escalate an incident to L2, and what is the proper process for doing so? What information should be included in the escalation to ensure a smooth handoff?
Sample answer preview
Knowing when and how to escalate is one of the most important skills an L1 analyst can develop. Escalating too early wastes senior analyst time, while escalating too late gives attackers more room to operate.
escalation, L1 to L2, triage, escalation triggers, containment, indicators of compromise