The invention discloses a security operation center (SOC) Bot for assisting an SOC analyst in detecting, surveying and recovering from various events in enterprise network security. The SOC Bot comprises parts for data collection, data identification, data processing, data integration, machine learning, marking and alarming, command execution and the like. These parts cooperate to carry out enterprise security clue collection, security event monitoring and marking, security threat alarming, and security protection and recovery; they also provide analysis clues for the SOC security analyst and execute tasks issued by the security analyst. Through the Bot, the labor intensity of the analyst can be greatly relieved, and the efficiency of enterprise security detection and maintenance work, together with its level of automation and intelligence, is greatly increased.