Cyber Incident Response

Home API Penetration Testing Course Malware Analysis API Authentication SSDLC IS Auditing, Controls and Assurance Cyber Incident Response Security of the Pipeline Security in the Pipeline Container Security Infrastructure as Code

Cyber Incident Response
Incident Response Fundamentals
Stages of Incident Response
Follow Up / Lessons Learned
Understanding the Incident Response process and tools quiz

Powered by GitBook

On this page

Tool types
Network tools
Host-based tools
Cloud-based considerations
IT Operations
Threat Hunting Teams

Identification tools and techniques

PreviousCommunication/notification of an incident NextIncident containment

Last updated 2 months ago

Tool types

Network
Host
Cloud
General IT operational tools

Network tools

Network IDS (NIDS)
Network IPS
Firewalls
SIEM solutions
Sniffers
Packet brokers and aggregators

Host-based tools

Host-based intrusion detection
Host-based firewalls
Host event logs

Cloud-based considerations

Still need network and host tools
Most will be virtual
Networks based on Software Defined Networking
Ask CSP about options as well

IT Operations

IT System Administrators
IT Support ticketing systems

Threat Hunting Teams

Good hunt teams will find threats that slipped by everything else

Sometimes the hunt team provides the only known indicators of Compromise (IoC's)

They also have great tools!

Incident Response Stage 2: Identification.pdf