Online Courses
Cyber Incident Response

Identification tools and techniques


Last updated 8 months ago

Tool types

  • Network

  • Host

  • Cloud

  • General IT operational tools

Network tools

  • Network IDS (NIDS)

  • Network IPS

  • Firewalls

  • SIEM solutions

  • Sniffers

  • Packet brokers and aggregators

Host-based tools

  • Host-based intrusion detection

  • Host-based firewalls

  • Host event logs
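
The network and host tools above only identify an incident once their output is joined: a NIDS alert names a source IP, the asset inventory maps that IP to a host, and the host's event log shows what happened on it just before the alert. The following Python block is an added example of that SIEM-style correlation; it is not code from the course. All alert lines, host event lines, host names, IPs and the IP-to-host inventory are constructed sample data, the event IDs are loosely modelled on Windows logon (4624/4625) and service-install (7045) events, and the severity rules in `classify` are illustrative, not a standard.

```python
"""Correlate a NIDS alert with host event logs for the same asset (added example)."""
import re
from datetime import datetime, timedelta

# Constructed NIDS alerts in a fast.log-like layout (sample data, not a real capture)
NIDS_ALERTS = [
    "2024-03-05T10:02:11 [**] ET MALWARE Suspicious outbound beacon [**] 10.0.5.23:49152 -> 203.0.113.9:443",
    "2024-03-05T10:40:00 [**] ET SCAN Nmap syn scan [**] 10.0.5.77:51000 -> 10.0.5.1:22",
]

# Constructed host event log lines, key=value style; event ids modelled on Windows
HOST_EVENTS = [
    "2024-03-05T10:00:50 host=ws-023 event=4625 user=alice outcome=failure",
    "2024-03-05T10:00:52 host=ws-023 event=4625 user=alice outcome=failure",
    "2024-03-05T10:00:55 host=ws-023 event=4624 user=alice outcome=success",
    "2024-03-05T10:01:30 host=ws-023 event=7045 service=updsvc path=C:\\Users\\Public\\upd.exe",
    "2024-03-05T10:30:00 host=ws-077 event=4624 user=bob outcome=success",
]

# Constructed asset inventory: IP address -> hostname
INVENTORY = {"10.0.5.23": "ws-023", "10.0.5.77": "ws-077"}

ALERT_RE = re.compile(
    r"^(\S+) \[\*\*\] (.+?) \[\*\*\] (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):\d+$"
)


def parse_alert(line):
    """Return timestamp, rule name, source and destination IP, or None if unparseable."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts, rule, src, dst = m.groups()
    return {"ts": datetime.fromisoformat(ts), "rule": rule, "src": src, "dst": dst}


def parse_host_event(line):
    """Split a 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *kvs = line.split()
    ev = dict(kv.split("=", 1) for kv in kvs)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def correlate(alerts, events, inventory, window=timedelta(minutes=5)):
    """For each alert, collect host events on the alert's source host within
    `window` before the alert fired. Alerts for IPs missing from the inventory
    are kept (host=None) so an inventory gap is visible, not silently dropped."""
    parsed_events = [parse_host_event(l) for l in events]
    results = []
    for line in alerts:
        a = parse_alert(line)
        if a is None:
            continue
        host = inventory.get(a["src"])
        related = [
            e for e in parsed_events
            if host is not None and e["host"] == host
            and a["ts"] - window <= e["ts"] <= a["ts"]
        ]
        results.append({"alert": a, "host": host, "events": related})
    return results


def classify(result):
    """Illustrative severity: new service after failed logons on the same host
    just before the alert is 'high'; any host context is 'medium'; bare alert 'low'."""
    ids = {e["event"] for e in result["events"]}
    if "7045" in ids and "4625" in ids:
        return "high"
    if result["events"]:
        return "medium"
    return "low"


if __name__ == "__main__":
    for r in correlate(NIDS_ALERTS, HOST_EVENTS, INVENTORY):
        print(classify(r), r["host"], r["alert"]["rule"], len(r["events"]), "host events")
```

Run as-is to see that the beacon alert on ws-023 is backed by failed logons and a new service install and is rated high, while the scan alert on ws-077 has no host events in its window and stays low. In a real SIEM the same join runs continuously against the log sources; the time window and the inventory lookup are the two things most often missing when an alert cannot be turned into an identified incident.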

Cloud-based considerations

  • Network and host tools are still needed; moving to the cloud does not remove the need for visibility

  • Most sensors will be virtual appliances rather than hardware

  • Networks are software-defined, so physical taps and SPAN ports are replaced by the provider's mirroring and flow-log features

  • Ask the CSP what native options exist (flow logs, audit logs, managed detection) before deploying your own

IT Operations

  • IT System Administrators

  • IT Support ticketing systems

Threat Hunting Teams

Good hunt teams find threats that slipped past every other control

Sometimes the hunt team provides the only known Indicators of Compromise (IoCs) for an incident

They also have great tools, and their IoCs can be swept across the network and host data sources above
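
When the hunt team hands over IoCs, identification means sweeping them across the DNS, proxy and endpoint data already collected. Indicators usually arrive defanged (`hxxp://`, `[.]`) so they cannot be clicked by accident, and a subdomain of a listed domain should still count as a hit. The following Python block is an added example of such a sweep; it is not code from the course. The IoC list, the log lines, the host names, the IP addresses (RFC 5737 documentation ranges) and the hash are all constructed, and the log field names (`query`, `answer`, `dst`, `url`, `sha256`) are assumed for the example.

```python
"""Refang hunt-team IoCs and sweep them across constructed log lines (added example)."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed indicators, written the way a hunt team would defang them
HUNT_IOCS = [
    "hxxp://update-check[.]example[.]net/ping",
    "203[.]0[.]113[.]9",
    "evil-cdn[.]example[.]org",
    "sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
]

# Constructed DNS, proxy and endpoint log lines in a key=value layout
LOG_LINES = [
    "2024-03-05T10:01:58 type=dns host=ws-023 query=update-check.example.net answer=203.0.113.9",
    "2024-03-05T10:02:11 type=proxy host=ws-023 dst=203.0.113.9 url=http://update-check.example.net/ping",
    "2024-03-05T10:05:00 type=dns host=ws-077 query=www.example.org answer=198.51.100.2",
    "2024-03-05T10:06:00 type=edr host=ws-077 sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 path=C:\\Temp\\a.exe",
    "2024-03-05T10:07:00 type=dns host=ws-101 query=cdn.evil-cdn.example.org answer=192.0.2.44",
]


def refang(ioc):
    """Undo common defanging so the indicator can be compared against live logs."""
    s = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.IGNORECASE)
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[://]", "://"), ("[:]", ":")):
        s = s.replace(defanged, real)
    return s


def normalize_iocs(raw):
    """Bucket indicators by type. A URL contributes its hostname to the domain set,
    hashes are lower-cased, and anything that is not a hash, IP or URL is a domain."""
    iocs = {"domain": set(), "ip": set(), "sha256": set()}
    for value in map(refang, raw):
        m = re.fullmatch(r"(?:sha256:)?([0-9a-fA-F]{64})", value)
        if m:
            iocs["sha256"].add(m.group(1).lower())
            continue
        try:
            iocs["ip"].add(str(ipaddress.ip_address(value)))
            continue
        except ValueError:
            pass
        if value.lower().startswith(("http://", "https://")):
            host = urlparse(value).hostname
            if host:
                iocs["domain"].add(host.lower())
            continue
        iocs["domain"].add(value.lower().rstrip("."))
    return iocs


def domain_hit(name, domains):
    """Return the matching IoC domain if `name` equals it or is a subdomain of it."""
    n = name.lower().rstrip(".")
    return next((d for d in domains if n == d or n.endswith("." + d)), None)


def sweep(lines, iocs):
    """Check each log line's relevant fields against the IoC sets; one hit per match."""
    hits = []
    for line in lines:
        ts, *kvs = line.split()
        rec = dict(kv.split("=", 1) for kv in kvs)
        checks = []
        if "query" in rec:
            checks.append(("domain", rec["query"]))
        if "url" in rec:
            checks.append(("domain", urlparse(rec["url"]).hostname or ""))
        for field in ("answer", "dst"):
            if field in rec:
                checks.append(("ip", rec[field]))
        if "sha256" in rec:
            checks.append(("sha256", rec["sha256"].lower()))
        for kind, value in checks:
            matched = domain_hit(value, iocs["domain"]) if kind == "domain" else (
                value if value in iocs[kind] else None)
            if matched:
                hits.append({"ts": ts, "host": rec.get("host", "?"), "type": kind, "ioc": matched})
    return hits


if __name__ == "__main__":
    for h in sweep(LOG_LINES, normalize_iocs(HUNT_IOCS)):
        print(h["ts"], h["host"], h["type"], h["ioc"])
```

Run as-is and the sweep flags three hosts: ws-023 on both the DNS lookup and the proxy request, ws-077 on the file hash despite the upper-case hash in the EDR log, and ws-101 on a subdomain of a listed domain. The hosts it returns are the starting point for the containment stage that follows.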

Attachment: Incident Response Stage 2: Identification.pdf (11MB)