The inclusion of threat intelligence and continuous monitoring capabilities in phase B allows the incident response capability to become more flexible in addressing issues. With SOC oversight, incident response personnel can start to tackle the bigger fires and address the smaller ones at a later time.

There is a minor integration of data exposure and sharing between incident response, threat intel, continuous monitoring, and the SOC. However small, this small integration of capabilities allows the information to flow between the tactical and strategic levels of the organization through the security state analysis channels.