Identification tools and techniques
Tool types
Network
Host
Cloud
General IT operational tools
Network tools
Network IDS (NIDS)
Network IPS
Firewalls
SIEM solutions
Sniffers
Packet brokers and aggregators
Host-based tools
Host-based intrusion detection
Host-based firewalls
Host event logs
Cloud-based considerations
Still need network and host tools
Most will be virtual
Networks based on Software Defined Networking
Ask the CSP (cloud service provider) about the detection and logging options it offers as well
IT Operations
IT System Administrators
IT Support ticketing systems
Threat Hunting Teams
Good hunt teams will find threats that slipped by everything else
Sometimes the hunt team provides the only known Indicators of Compromise (IoCs)
They also have great tools!
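How host event logs and hunt-team IoCs come together during identification, as an added example that is not part of the original outline: the log lines, the IP address (from the 203.0.113.0/24 documentation range) and the SHA-256 value are all constructed for this example and do not come from any real incident. The first function matches each log line against an IoC list; the second shows a simple correlation that host logs support on their own, flagging a successful SSH login from a source that has just accumulated repeated failures.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample host event log lines for this example (syslog-style, not from a real host).
SAMPLE_HOST_LOG = """\
2024-03-01T08:12:03Z host01 sshd[1022]: Accepted publickey for deploy from 10.20.0.5 port 51022
2024-03-01T08:14:41Z host01 sshd[1030]: Failed password for root from 203.0.113.45 port 40122
2024-03-01T08:14:43Z host01 sshd[1030]: Failed password for root from 203.0.113.45 port 40123
2024-03-01T08:14:45Z host01 sshd[1030]: Failed password for root from 203.0.113.45 port 40124
2024-03-01T08:16:00Z host01 sshd[1044]: Accepted password for root from 203.0.113.45 port 40130
2024-03-01T08:16:20Z host01 execve: pid=2201 path=/tmp/.x/updater sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

# Hypothetical IoCs handed over by the hunt team: one source IP and one file hash (constructed values).
HUNT_TEAM_IOCS = {
    "ip": {"203.0.113.45"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
# Captures outcome, user and source address from an OpenSSH-style auth line.
SSH_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \w+ for (\S+) from (\S+) port")


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line number in the log text
    kind: str      # "ioc_ip", "ioc_sha256" or "bruteforce_success"
    detail: str


def match_iocs(log_text, iocs):
    """Return one Finding per IoC (IP address or SHA-256) seen in each log line."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for ip in IP_RE.findall(line):
            if ip in iocs.get("ip", set()):
                findings.append(Finding(line_no, "ioc_ip", ip))
        for digest in SHA256_RE.findall(line.lower()):
            if digest in iocs.get("sha256", set()):
                findings.append(Finding(line_no, "ioc_sha256", digest))
    return findings


def detect_bruteforce_success(log_text, threshold=3):
    """Flag a successful SSH login from a source that already logged >= threshold failures."""
    failures = defaultdict(int)
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = SSH_RE.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failures[src] += 1
        elif outcome == "Accepted" and failures[src] >= threshold:
            findings.append(Finding(line_no, "bruteforce_success",
                                    f"{user} from {src} after {failures[src]} failures"))
    return findings


def identify(log_text, iocs):
    """Combine IoC hits and the local correlation, ordered by log line."""
    return sorted(match_iocs(log_text, iocs) + detect_bruteforce_success(log_text),
                  key=lambda f: f.line_no)


if __name__ == "__main__":
    for f in identify(SAMPLE_HOST_LOG, HUNT_TEAM_IOCS):
        print(f"line {f.line_no}: {f.kind} {f.detail}")
```

The IoC matcher only confirms what the hunt team already knows; the correlation rule is what lets the host log surface the same source on its own, which matters when no IoC has been shared yet. A SIEM would run equivalent logic across many hosts, but the input it needs is exactly these host event logs.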