Case triage is the first-stage sorting of a report, alert, or complaint so it reaches the right team quickly. In security and compliance workflows, triage collects the key facts, checks urgency, assigns a category, and routes the case to the people who can act on it.
This matters because slow or inaccurate triage creates blind spots. A phishing report sent to the wrong queue may never reach the SOC, while an insider-risk complaint may sit unreviewed if it is not marked sensitive. Good triage improves response times, preserves evidence, and reduces the chance that important signals are lost. Defenders often use forms, rules, and automation to pre-classify cases, but human review is still needed when context is unclear or impact is high.
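The pre-classification step described above can be sketched as a small rule engine. This is an added example, not code from any particular product: the rule patterns, queue names, and high-impact keywords are all assumptions chosen for illustration. It routes a free-text report, marks sensitive cases, and flags a case for human review when no rule matches, several match, or a high-impact asset is mentioned.

```python
import re
from dataclasses import dataclass, field

# Hypothetical rules (category, queue, sensitive, pattern); all names are assumptions.
RULES = [
    ("phishing", "soc", False,
     re.compile(r"\b(phish\w*|suspicious (e-?mail|link))\b", re.I)),
    ("insider-risk", "insider-risk-team", True,
     re.compile(r"\b(coworker|colleague|employee)\b.*\b(copying|exfiltrat\w*|leak\w*)\b", re.I)),
    ("malware", "soc", False,
     re.compile(r"\b(malware|ransomware|antivirus alert)\b", re.I)),
]
# Assumed markers of high impact; a real deployment would use an asset inventory.
HIGH_IMPACT = re.compile(r"\b(executive|payroll|production|customer data)\b", re.I)

@dataclass
class Triage:
    category: str
    queue: str
    sensitive: bool
    urgency: str
    needs_human_review: bool
    reasons: list = field(default_factory=list)

def triage(report: str) -> Triage:
    """Pre-classify one free-text report and decide whether a person must look."""
    hits = [(c, q, s) for c, q, s, rx in RULES if rx.search(report)]
    hits.sort(key=lambda h: not h[2])  # a sensitive match decides the queue
    reasons = []
    if not hits:
        category, queue, sensitive = "unclassified", "manual-triage", False
        reasons.append("no rule matched")
    else:
        category, queue, sensitive = hits[0]
        if len(hits) > 1:
            reasons.append("multiple categories matched")
    high = bool(HIGH_IMPACT.search(report))
    if high:
        reasons.append("high-impact asset mentioned")
    return Triage(category, queue, sensitive,
                  "high" if high else "normal", bool(reasons), reasons)

# Constructed sample reports, not real cases.
SAMPLES = [
    "I got a suspicious email asking me to reset my password via a link.",
    "A colleague has been copying files to a personal drive after hours.",
    "Phishing email sent to the payroll mailbox; one user entered credentials.",
    "My laptop fan is loud since the update.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text))
```

The `reasons` list is what a reviewer sees first, so every path that sets `needs_human_review` also records why.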



