SOC stands for Security Operations Center, There are 3 layer/tier in SOC, tire 1 will observe the network flow, if any suspicious activity observed it will escalate to tier 2 analyst. Main task of tier 2 analyst is to deep investigate for suspicious alert and escalate to client. And tier 3 is a SOC manager who build the rule/procedures for SOC.