search

Identification tools and techniques

file-pdf
11MB
Incident Response Stage 2: Identification.pdf
PDF
arrow-up-right-from-squareOpen

hashtag
Tool types

  • Network

  • Host

  • Cloud

  • General IT operational tools

hashtag
Network tools

  • Network IDS (NIDS)

  • Network IPS

  • Firewalls

  • SIEM solutions

  • Sniffers

  • Packet brokers and aggregators

hashtag
Host-based tools

  • Host-based intrusion detection

  • Host-based firewalls

  • Host event logs

hashtag
Cloud-based considerations

  • Still need network and host tools

  • Most will be virtual

  • Networks based on Software Defined Networking

  • Ask CSP about options as well

hashtag
IT Operations

  • IT System Administrators

  • IT Support ticketing systems

hashtag
Threat Hunting Teams

Good hunt teams will find threats that slipped by everything else

Sometimes the hunt team provides the only known indicators of Compromise (IoC's)

They also have great tools!

PreviousCommunication/notification of an incidentNextIncident containment

Last updated